Tens of thousands of Jenkins instances exposed to critical flaw

A critical vulnerability in Jenkins allows arbitrary file reads that can be chained into RCE

Tens of thousands of Jenkins servers are vulnerable to a critical bug that lets threat actors read arbitrary files on the controller and, in some configurations, run malicious code on it remotely.

The project recently released two patched versions addressing the vulnerability and is urging users to apply them immediately rather than run an unnecessary risk.

Jenkins is an open source automation server for CI/CD, with which developers build, test, and deploy software.

No evidence of abuse (yet)

Last week, the project released versions 2.442 and LTS 2.426.3, which address an arbitrary file read vulnerability tracked as CVE-2024-23897. This vulnerability, BleepingComputer reports, already has multiple proof-of-concept (PoC) exploits in the wild. As per the advisory released with the patches, the problem is in the command-line interface's argument parser, which replaces an @ character followed by a file path with the contents of that file. The feature was enabled by default; the fixed releases turn it off.

Attackers can abuse it for a number of things, from reading sensitive information such as secrets to, in some configurations, running malicious code on vulnerable servers. They could also delete files from Jenkins controllers and download Java heap dumps.
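To make the mechanism concrete, here is an added example (not Jenkins or args4j code) that emulates the @-file expansion described above: a toy argument parser replaces an argument of the form @/path with the lines of that file, and a stand-in CLI command that echoes its first argument back in an error message ends up leaking the first line of whatever file the caller named. The file contents, the command name and the node list are all constructed for the demo; the hardened variant simply treats @ as a literal character, which is the behaviour the patched releases adopt by default.

```python
"""Emulation of the '@file' argument expansion behind CVE-2024-23897.

Added example, not Jenkins or args4j code. It shows why a parser that
silently swaps '@/path' for the contents of /path turns any command that
reflects an argument into an arbitrary file read.
"""
import os
import tempfile


def expand_at_files(args, allow_at_syntax):
    """Expand '@<path>' arguments into the lines of <path>.

    Each line of the referenced file becomes one argument. With
    allow_at_syntax=False the '@' is kept as a literal character,
    matching the patched default.
    """
    if not allow_at_syntax:
        return list(args)
    expanded = []
    for arg in args:
        if arg.startswith("@") and len(arg) > 1:
            with open(arg[1:], "r", encoding="utf-8", errors="replace") as fh:
                expanded.extend(line.rstrip("\n") for line in fh)
        else:
            expanded.append(arg)
    return expanded


def connect_node(args, allow_at_syntax, known_nodes=("built-in",)):
    """Toy stand-in for a CLI command that names a node in its error text.

    Returns the message a caller would see. When expansion is on and the
    node name came from a file, the first line of that file is echoed back
    even though the caller never had permission to read the file.
    """
    parsed = expand_at_files(args, allow_at_syntax)
    if not parsed:
        return "error: no node name given"
    name = parsed[0]
    if name in known_nodes:
        return f"connected to {name}"
    return f"error: no such node '{name}'"


def demo():
    """Run the same request against the vulnerable and hardened parser.

    Returns (leaked_message, safe_message). The secret file is constructed
    here and stands in for a credentials file on the controller.
    """
    with tempfile.NamedTemporaryFile("w", delete=False, suffix=".secret") as fh:
        fh.write("admin:s3cr3t-master-key\nsecond line never shown\n")
        path = fh.name
    try:
        leaked = connect_node([f"@{path}"], allow_at_syntax=True)
        safe = connect_node([f"@{path}"], allow_at_syntax=False)
    finally:
        os.unlink(path)
    return leaked, safe


if __name__ == "__main__":
    for msg in demo():
        print(msg)
```

Only the first line comes back through this particular command because it consumes a single argument; a command that accepts several arguments, or a caller with more permissions, would see more of the file, which is why the advisory treats the flaw as critical rather than as an information leak of a few bytes.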

As per a Shadowserver scan, there are roughly 45,000 unpatched Jenkins servers that could be potential targets. The majority of these endpoints are located in China (12,000), followed by the United States (11,830), Germany (3,060), India (2,681), France (1,431), and the UK (1,029). Researchers say that multiple PoCs are already circulating on the internet, but it is unclear whether any threat actors have picked them up or used them in any of their campaigns.

BleepingComputer says that some Jenkins honeypots did observe activity "resembling genuine exploitation attempts", although the evidence seems to be inconclusive.

Given the severity of the flaw, IT admins are advised to apply the patch as soon as possible. Those unable to do so should consult the Jenkins advisory for recommended workarounds.
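For admins triaging a fleet, the first practical check is whether each controller is on one of the fixed releases named above. The following is an added example, not Jenkins project code: it compares a Jenkins version string against the fixed versions from the article (weekly 2.442, LTS 2.426.3). It assumes the usual layout of Jenkins version strings, "MAJOR.MINOR" for weekly releases and "MAJOR.MINOR.PATCH" for LTS, and the inventory it runs over is constructed for the demo rather than taken from a real scan.

```python
"""Triage helper: which Jenkins controllers are still on a vulnerable release?

Added example, not Jenkins project code. Fixed versions come from the
article; the version-string layout (weekly 'x.y', LTS 'x.y.z') is an
assumption about Jenkins release naming, and the inventory is constructed.
"""
import re

FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(version):
    """Turn '2.426.3' into (2, 426, 3) and '2.442' into (2, 442)."""
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised Jenkins version string: {version!r}")
    return tuple(int(p) for p in m.groups() if p is not None)


def is_fixed_for_cve_2024_23897(version):
    """True if the release is at or above the fixed version for its line.

    Three-part versions are treated as LTS and compared against 2.426.3;
    two-part versions are treated as weekly and compared against 2.442.
    Everything older, including pre-2.x releases, is reported as vulnerable.
    """
    v = parse_version(version)
    if len(v) == 3:
        return v >= FIXED_LTS
    return v >= FIXED_WEEKLY


def triage(inventory):
    """Map {host: version string} to the subset that still needs patching.

    Version strings that cannot be parsed are kept in the result so they
    get looked at by a human rather than silently passing.
    """
    needs_patch = {}
    for host, version in inventory.items():
        try:
            if not is_fixed_for_cve_2024_23897(version):
                needs_patch[host] = version
        except ValueError:
            needs_patch[host] = f"unparsed: {version}"
    return needs_patch


# Constructed inventory for the demo; in practice the values would come
# from the X-Jenkins response header or the controller's own version page.
SAMPLE_INVENTORY = {
    "ci-weekly-old.example": "2.441",
    "ci-weekly-new.example": "2.442",
    "ci-lts-old.example": "2.426.2",
    "ci-lts-new.example": "2.426.3",
    "ci-lts-later.example": "2.440.1",
    "ci-legacy.example": "2.414.3",
    "ci-odd.example": "unknown",
}


if __name__ == "__main__":
    for host, version in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {version}")
```

The check is deliberately conservative: anything it cannot parse is reported rather than skipped, and nothing about the CLI being disabled is inferred from the version alone, since a workaround applied on an old release would still show up here as needing attention.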

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.