August 19, 2024 at 03:22PM CISA warns of critical Jenkins vulnerability (CVE-2024-23897) exploited for remote code execution. Multiple PoCs published online with over 28,000 exposed instances. Trend Micro reports exploitation started in March, with recent breaches affecting Indian banks. CISA orders FCEB agencies to secure servers by September 9, urging all organizations to prioritize fixing … Read more
March 19, 2024 at 02:42AM Summary: Jenkins, a widely used open-source automation server, is affected by the CVE-2024-23897 file read vulnerability, allowing unauthorized access to files. This vulnerability poses a severe security risk, with potential exploitation scenarios including remote code execution. Various attack instances have been observed, emphasizing the urgency of securing Jenkins installations. Trend … Read more
January 31, 2024 at 07:42AM The Shadowserver Foundation has identified 45,000 exposed Jenkins instances with a critical vulnerability, potentially being exploited in the wild. Unauthenticated attackers can access limited data from files, while authenticated attackers may obtain full file contents, including sensitive Jenkins secrets. Researchers reported in-the-wild exploitation prior to the public release of the … Read more
January 29, 2024 at 05:05PM Around 45,000 Internet-exposed Jenkins servers remain unpatched against a critical arbitrary file-read vulnerability (CVE-2024-23897), allowing remote code execution. Proof-of-exploit code is available, with reports of attackers attempting to exploit. The vulnerability affects the Jenkins CLI and can lead to data theft, system compromise, and disrupted pipelines. An immediate software update … Read more
January 29, 2024 at 11:12AM It is critical to update to the latest Jenkins versions due to a recently disclosed vulnerability (CVE-2024-23897). The security flaw in Jenkins versions before 2.442 and LTS 2.426.3 allows attackers to read sensitive information and execute arbitrary code. Organizations are urged to update to the patched versions or disable the … Read more
January 28, 2024 at 12:17PM Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to access arbitrary files have been made public. SonarSource discovered two flaws, one granting unauthorized file reading and the other enabling arbitrary command execution. Jenkins released fixes with advisory and PoCs have been created, with reported active attacks. … Read more