CyberSecurityBoard
Sponsor Register Login

45k Jenkins servers exposed to RCE attacks using public exploits

Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution flaw for which multiple public proof-of-concept exploits are in circulation.
Jenkins is a leading open-source automation server for CI/CD, allowing developers to streamline the building, testing, and deployment processes.
It features extensive plugin support and serves organizations of various missions and sizes.
On January 24, 2024, the project released versions 2.442 and LTS 2.426.3 to fix CVE-2023-23897, an arbitrary file read problem that can lead to executing arbitrary command-line interface commands.
This feature, enabled by default, allows attackers to read arbitrary files on the Jenkins controller's file system.
Depending on their level of permissions, attackers can exploit the flaw to access sensitive information, including the first few lines of any file or even entire files.
Depending on the instance's configuration, attackers could decrypt stored secrets, delete items from Jenkins servers, and download Java heap dumps.
Late last week, security researchers warned of multiple working exploits for CVE-2023-23897, which dramatically elevates the risk for unpatched Jenkins servers and increases the likelihood of in-the-wild exploitation.
Researchers monitoring Jenkins honeypots observed activities that resemble genuine attempts at exploitation, although there's no conclusive evidence yet.
Most of the vulnerable internet-exposed instances are in China and the United States, followed by Germany, India, France, and the UK. Shadowserver's stats represent a dire warning to Jenkins administrators, as hackers are very likely already conducting scans to find potential targets, and CVE-2023-23897 can have severe repercussions if successfully exploited.
Users unable to apply the available security updates immediately should consult the Jenkins security bulletin for mitigation recommendations and potential workarounds.
Exploits released for critical Jenkins RCE flaw, patch now.
Cisco warns of critical RCE flaw in communications software.
Critical SonicWall firewall patch not released for all devices.
Microsoft discovers critical RCE flaw in Perforce Helix Core Server.
Hackers are exploiting critical Apache Struts flaw using public PoC..


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 29 Jan 2024 22:05:10 +0000


Cyber News related to 45k Jenkins servers exposed to RCE attacks using public exploits

45k Jenkins servers exposed to RCE attacks using public exploits - Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution flaw for which multiple public proof-of-concept exploits are in circulation. Jenkins is a leading open-source ...
10 months ago Bleepingcomputer.com
PoC Exploits Heighten Risks Around Critical New Jenkins Vuln - Internet-exposed Jenkins servers remain unpatched against a critical, recently disclosed arbitrary file-read vulnerability for which proof-of-exploit code is now publicly available. CVE-2024-23897 affects the built-in Jenkins command line interface ...
10 months ago Darkreading.com
CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability - Last Wednesday, on January 24, 2024, the Jenkins team issued a security advisory disclosing a critical vulnerability, CVE-2024-23897, affecting the Jenkins CI/CD tool. This advisory set off alarm bells among the infosec community because the ...
10 months ago Securityboulevard.com
JetBrains warns of new TeamCity auth bypass vulnerability - JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. Tracked as CVE-2024-23917, this critical ...
10 months ago Bleepingcomputer.com
Exploits released for critical Jenkins RCE flaw, patch now - Multiple proof-of-concept exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. ...
10 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
11 months ago Bleepingcomputer.com
Hackers exploit critical RCE flaw in Bricks WordPress site builder - Hackers are actively exploiting a critical remote code execution flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites. The Bricks Builder Theme is a premium WordPress theme described as an innovative, community-driven ...
10 months ago Bleepingcomputer.com
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
1 year ago Bleepingcomputer.com
An Argument for Coordinated Disclosure of New Exploits - There were more than 23,000 vulnerabilities discovered and disclosed. While not all of them had associated exploits, it has become more and more common for there to be a proverbial race to the bottom to see who can be the first to release an exploit ...
6 months ago Darkreading.com
Cisco Routers Exposed to Remote Code Execution (RCE) Attacks: How to Protect Your Network - Protecting networks from remote code execution (RCE) attacks is now more important than ever, as thousands of end-of-life Cisco routers are exposed to these vulnerabilities. On June 10, 2020 research revealed that over 19,000 Cisco devices were still ...
1 year ago Bleepingcomputer.com
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online - Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution vulnerability. Apache ActiveMQ is a scalable open-source message broker that fosters communication between clients and ...
1 year ago Bleepingcomputer.com
Privilege elevation exploits used in over 50% of insider attacks - Elevation of privilege flaws are the most common vulnerability leveraged by corporate insiders when conducting unauthorized activities on networks, whether for malicious purposes or by downloading risky tools in a dangerous manner. A report by ...
1 year ago Bleepingcomputer.com
Mastodon vulnerability allows attackers to take over accounts - Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account. The platform became popular after Elon Musk acquired Twitter and ...
10 months ago Bleepingcomputer.com
Hackers Gaining Unauthorized Access to Windows Devices Through Silver and BYOVD Exploits - Last summer, cybercriminals began using Sliver as an alternative to Cobalt Strike, using it for monitoring networks, executing commands, loading reflective DLLs, spawning sessions, and manipulating processes. Recently, attacks have been observed ...
1 year ago Heimdalsecurity.com
Hackers target Apache RocketMQ servers vulnerable to RCE attacks - Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Both vulnerabilities ...
11 months ago Bleepingcomputer.com
Raspberry Robin malware evolves with early access to Windows exploits - Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. One-day exploits refer to code that leverages a vulnerability that the developer of the ...
10 months ago Bleepingcomputer.com
ConnectWise urges ScreenConnect admins to patch critical RCE flaw - ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution attacks. This security bug is due to an authentication bypass weakness that attackers can exploit ...
10 months ago Bleepingcomputer.com
Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits - The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. The flaw allows remote code execution and was fixed in late October. Apache's ...
1 year ago Bleepingcomputer.com
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed - The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability to breach the systems of large organizations, steal data, and encrypt files. Although Citrix made fixes available for CVE-2023-4966 more than a month ...
1 year ago Bleepingcomputer.com
VMware fixes critical code execution flaw in vCenter Server - VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps ...
1 year ago Bleepingcomputer.com
Leaky Vessels flaws allow hackers to escape Docker, runc containers - The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing. Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could ...
10 months ago Bleepingcomputer.com
CI/CD at Risk as Exploits Released For Critical Jenkins Bug - Software developers have been told to urgently patch their Jenkins servers after exploits were published for a new critical vulnerability in the product. Even those without these permissions would be able to read the first few lines of files, ...
10 months ago Infosecurity-magazine.com
Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks - Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. The mail systems run a software version that is currently unsupported and no longer ...
1 year ago Bleepingcomputer.com
Fake AV websites used to distribute info-stealer malware - CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
6 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)