CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks

Aug 20, 2024 | Ravie Lakshmanan | Vulnerability / Ransomware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw affecting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks.

The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution.

“Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution,” CISA said in an alert.


It was first disclosed by Sonar security researchers in January 2024 and addressed in Jenkins versions 2.442 and LTS 2.426.3 by disabling the command parser feature.
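The two fixed releases named above are the only concrete data a defender needs to triage an inventory of Jenkins servers. The script below is an added example, not code from the article, CISA, Jenkins or Sonar: it parses version strings, tells weekly releases (two numeric components, e.g. 2.442) from LTS releases (three components, e.g. 2.426.3), compares each against the fixed version for its line, and flags hosts that still need attention. Host names and the sample inventory are constructed; the weekly/LTS numbering convention is assumed from Jenkins' public release scheme.

```python
"""Triage helper: flag Jenkins instances still running a release without the
CVE-2024-23897 fix. Fixed versions named in the article: weekly 2.442 and
LTS 2.426.3. The host names and inventory below are constructed sample data."""

import re

# Fix thresholds from the article. Jenkins LTS versions carry three numeric
# components (e.g. 2.426.3); weekly releases carry two (e.g. 2.442).
# A weekly such as 2.427 is numerically above 2.426.3 but still unfixed,
# so the two lines must be compared separately.
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)

VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Return ('weekly' | 'lts', version tuple), or None if the string is unparsable."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    if patch is None:
        return ("weekly", (int(major), int(minor)))
    return ("lts", (int(major), int(minor), int(patch)))


def is_patched(text):
    """True if the version is at or above the fixed release for its line.
    Unparsable versions are treated as unpatched so they are not silently ignored."""
    parsed = parse_version(text)
    if parsed is None:
        return False
    line, ver = parsed
    if line == "weekly":
        return ver >= FIXED_WEEKLY
    return ver >= FIXED_LTS


def triage(inventory):
    """inventory: dict host -> version string. Returns sorted hosts needing action."""
    return sorted(host for host, ver in inventory.items() if not is_patched(ver))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ci-01.example.internal": "2.426.2",   # LTS, one patch level short of the fix
    "ci-02.example.internal": "2.426.3",   # LTS, fixed
    "ci-03.example.internal": "2.440",     # weekly, below 2.442
    "ci-04.example.internal": "2.452.1",   # newer LTS, fixed
    "ci-05.example.internal": "unknown",   # cannot be parsed; needs a manual look
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> update required")
```

Running it lists ci-01, ci-03 and ci-05. Keeping the weekly and LTS comparisons separate is the detail that matters: a naive numeric sort would wrongly clear a weekly 2.430 because it sorts above LTS 2.426.3.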

Back in March, Trend Micro said it uncovered several attack instances originating from the Netherlands, Singapore, and Germany, and that it found instances where remote code execution exploits for the flaw were actively being traded.


In recent weeks, CloudSEK and Juniper Networks have revealed a series of cyber attacks exploiting CVE-2024-23897 in the wild to infiltrate the companies BORN Group and Brontoo Technology Solutions.

The attacks have been attributed to the threat actor known as IntelBroker and the RansomExx ransomware gang, respectively.


“CVE-2024-23897 is an unauthenticated LFI vulnerability that allows attackers to read arbitrary files on the Jenkins server,” CloudSEK said. “This vulnerability arises from improper input validation, enabling attackers to manipulate specific parameters and trick the server into accessing and displaying the contents of sensitive files.”


In light of the active exploitation of the vulnerability, Federal Civilian Executive Branch (FCEB) agencies have until September 9, 2024, to apply the fixes and secure their networks against active threats.
