Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released

January 30, 2024 at 12:55PM

Summary:
Tens of thousands of internet-facing Jenkins servers remain vulnerable to the critical vulnerability CVE-2024-23897, an arbitrary file read in the built-in command line interface (CLI) that can be escalated to remote code execution; most exposures are in the US, China, India, Germany, the Republic of Korea, France and the UK. With proof-of-concept exploits publicly available, admins are urged to patch now. Windows controllers are particularly exposed because their default character encoding lets more bytes of binary files (such as the secrets Jenkins stores on disk) be read back intact. Where patching is not immediately possible, disabling the CLI and confirming that anonymous users have not been granted read access are the recommended mitigations.

Key takeaways:

1. Tens of thousands of public-facing Jenkins installs remain vulnerable to the recently disclosed critical vulnerability CVE-2024-23897, even though fixed releases are available.
2. Scans by the internet security data company Shadowserver found roughly 45,000 vulnerable instances, most of them in the US and China.
3. Exploitation can lead to remote code execution and exposes sensitive data on the controller: SSH keys, binary secrets, credentials, source code and build artifacts.
4. The flaw abuses a feature of Jenkins' built-in command line interface (CLI) that expands an `@` followed by a file path into that file's contents; the recommended action is to apply the patches (weekly 2.442, LTS 2.426.3) or, until that is possible, disable the CLI.
5. Check that no configuration grants unauthenticated users Overall/Read (for example "Allow anonymous read access" under the authorization settings). With that permission an attacker can read entire files; without it the read is limited to the first few lines of each file.
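As an added example (not part of the article and not the Jenkins project's own tooling), the following Python script turns the points above into a triage check: it reads the version a controller advertises in its `X-Jenkins` response header, compares it with the fixed releases (weekly 2.442, LTS 2.426.3), and records whether an unauthenticated `GET /api/json` returned 200, which indicates that anonymous users hold Overall/Read. The header/status pairs in `SAMPLES` are constructed; `check_live` is the only part that touches the network, and it assumes Jenkins still sends `X-Jenkins` on a 403 response.

```python
"""Triage helper for CVE-2024-23897 exposure (added example, not Jenkins code).

Classifies a controller by its advertised version and by whether an
unauthenticated request to /api/json succeeded (anonymous Overall/Read).
"""
import re
import urllib.error
import urllib.request

# Fixed releases named in the Jenkins security advisory for CVE-2024-23897.
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)

# Weekly releases look like '2.441' (two components), LTS like '2.426.2'.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return the numeric tuple of a Jenkins version, or None if unparseable.

    Trailing suffixes such as '-SNAPSHOT' are ignored.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)


def is_pre_fix(version_text):
    """True if the version predates the fixed release of its line (weekly/LTS)."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"unrecognised Jenkins version: {version_text!r}")
    fixed = FIXED_LTS if len(v) == 3 else FIXED_WEEKLY
    return v < fixed


def triage(headers, unauth_status):
    """Classify one controller.

    headers: mapping of response headers (looked up case-insensitively).
    unauth_status: HTTP status an unauthenticated GET /api/json received;
                   200 means anonymous users hold Overall/Read.
    """
    version = next((v for k, v in headers.items() if k.lower() == "x-jenkins"), None)
    anonymous_read = unauth_status == 200
    if version is None:
        return {"version": None, "vulnerable": None, "anonymous_read": anonymous_read,
                "impact": "no X-Jenkins header: not Jenkins, or stripped by a proxy; inspect manually"}
    vulnerable = is_pre_fix(version)
    if not vulnerable:
        impact = "fixed release; no CVE-2024-23897 action needed"
    elif anonymous_read:
        impact = "unauthenticated attacker can read whole files (anonymous Overall/Read)"
    else:
        impact = ("unauthenticated read limited to the first few lines of a file; "
                  "any account with Overall/Read can still read whole files")
    return {"version": version, "vulnerable": vulnerable,
            "anonymous_read": anonymous_read, "impact": impact}


def check_live(base_url, timeout=10):
    """Probe a real controller over the network (not used by the offline demo).

    Assumption: Jenkins sends X-Jenkins even on a 403, so the error response
    is inspected rather than discarded.
    """
    url = base_url.rstrip("/") + "/api/json"
    req = urllib.request.Request(url, headers={"User-Agent": "jenkins-triage"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return triage(dict(resp.headers.items()), resp.status)
    except urllib.error.HTTPError as err:
        return triage(dict(err.headers.items()), err.code)


# Constructed sample observations standing in for real responses.
SAMPLES = [
    ({"X-Jenkins": "2.426.2"}, 200),   # LTS before fix, anonymous read: worst case
    ({"X-Jenkins": "2.441"}, 403),     # weekly before fix, no anonymous read
    ({"X-Jenkins": "2.442"}, 403),     # first fixed weekly
    ({"x-jenkins": "2.426.3"}, 200),   # first fixed LTS (header case varies)
    ({"Server": "nginx"}, 200),        # header stripped or not Jenkins at all
]

if __name__ == "__main__":
    for sample_headers, status in SAMPLES:
        print(triage(sample_headers, status))
```

The check is version-based, so it cannot tell whether the CLI has already been disabled as a mitigation on an unpatched controller, and a reverse proxy that strips `X-Jenkins` yields a null version; treat that as "inspect manually", never as "safe".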

Admins are strongly advised to apply the patches or, failing that, disable the CLI, and to verify that anonymous read access is not enabled, so that exposed Jenkins servers cannot be exploited.