Critical, Actively Exploited Jenkins RCE Bug Suffers Patch Lag

August 21, 2024 at 10:35AM Jenkins, a widely used automation server, has been plagued by a critical CVE-2024-23897 vulnerability for seven months, with active exploitation ongoing. The vulnerability, if exploited, can lead to unauthorized file access, cryptographic key exposure, and code execution. Despite a security fix, many users failed to patch their systems, resulting in …

CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks

August 20, 2024 at 01:33AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Jenkins to its Known Exploited Vulnerabilities catalog. The CVE-2024-23897 vulnerability, with a CVSS score of 9.8, allows code execution and has been actively exploited in ransomware attacks. Federal agencies have until September 9, 2024, to …

Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released

January 30, 2024 at 12:55PM Summary: Tens of thousands of public-facing Jenkins servers are vulnerable to the critical vulnerability CVE-2024-23897, with the majority of exposures in the US, China, India, Germany, Republic of Korea, France, and the UK. Admins are urged to patch against the risk of remote code execution, as exploits are publicly available. …