Hijacking NodeJS' Jenkins Agents For Remote Code Execution

Security researchers recently uncovered a critical vulnerability in Node.js’s continuous integration infrastructure that allowed attackers to execute malicious code on internal Jenkins agents, the machines that build and test the world’s most popular JavaScript runtime. Security firm Praetorian disclosed on April 30, 2025, that it had found serious gaps in Node.js’s CI/CD pipeline architecture: the flaw let attackers bypass security checks and run arbitrary code on those agents, potentially leading to a supply chain attack.

“The core issue stems from a Time-of-Check-Time-of-Use (TOCTOU) vulnerability between initiating a CI build and the moment the Jenkins job checks out the code,” explained Node.js’s Technical Steering Committee in their disclosure. Even more concerning, Node.js’s internal investigation revealed that a similar vulnerability existed in their “commit-queue” process, which could have allowed attackers to inject malicious code directly into the main branch, potentially enabling a supply chain attack affecting all Node.js users.

The Node.js team has earned praise for their transparent handling of the incident and comprehensive remediation efforts, demonstrating a commitment to security that sets an example for open-source projects worldwide.
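The TOCTOU gap the TSC describes is easiest to see in miniature: a reviewer approves what a pull-request branch points at (time of check), but a CI job that resolves the branch name again at checkout (time of use) builds whatever was pushed in between. The following is an added example, not code from the article or from the Node.js project: an in-memory stand-in for a git remote with a branch-resolving checkout beside a commit-pinned one. The names `Repo`, `approve`, `ci_checkout_by_branch` and `ci_checkout_pinned`, and all commit contents, are constructed for illustration and do not describe Node.js's actual Jenkins jobs.

```python
# Added example (not from the article or the Node.js project): a minimal model of
# the Time-of-Check-Time-of-Use gap between approving a CI build and the job
# checking out the code, with the vulnerable and the pinned checkout side by side.
# Repo, approve, ci_checkout_by_branch, ci_checkout_pinned and all commit
# contents are constructed for illustration.
import hashlib


def commit_id(content: str) -> str:
    """Constructed stand-in for a git object id: SHA-1 over the content."""
    return hashlib.sha1(content.encode("utf-8")).hexdigest()


class Repo:
    """Toy remote: immutable commits addressed by id, mutable branch heads."""

    def __init__(self) -> None:
        self.commits: dict[str, str] = {}   # commit id -> content
        self.branches: dict[str, str] = {}  # branch name -> head commit id

    def push(self, branch: str, content: str) -> str:
        cid = commit_id(content)
        self.commits[cid] = content
        self.branches[branch] = cid  # the head moves: this is the mutable part
        return cid

    def resolve(self, ref: str) -> str:
        """A branch name resolves to whatever it points at right now; an id is itself."""
        return self.branches.get(ref, ref)

    def checkout(self, ref: str) -> tuple[str, str]:
        cid = self.resolve(ref)
        if cid not in self.commits:
            raise KeyError(f"unknown ref {ref!r}")
        return cid, self.commits[cid]


def approve(repo: Repo, branch: str) -> str:
    """Time of check: the reviewer approves the commit the branch points at now."""
    return repo.resolve(branch)


def ci_checkout_by_branch(repo: Repo, branch: str, approved: str) -> tuple[str, str]:
    """Vulnerable pattern: the job re-resolves the branch at time of use, so a
    commit pushed between approval and checkout is what gets built and run.
    The approved id is passed in but never consulted."""
    return repo.checkout(branch)


def ci_checkout_pinned(repo: Repo, branch: str, approved: str) -> tuple[str, str, bool]:
    """Hardened pattern: check out exactly the approved (immutable) commit id and
    report whether the branch head moved since approval, so the job can fail or
    require re-review instead of silently building under a stale approval."""
    cid, content = repo.checkout(approved)
    moved = repo.resolve(branch) != approved
    return cid, content, moved


def simulate() -> dict:
    """Walk through the race: approve, then a later push lands before the job checks out."""
    repo = Repo()
    reviewed = repo.push("pr-123", "fix: handle empty input\n")  # constructed content
    approved = approve(repo, "pr-123")                           # time of check
    late = repo.push("pr-123", "fix: handle empty input\n# step added after review\n")
    vuln_id, _ = ci_checkout_by_branch(repo, "pr-123", approved)  # time of use
    pin_id, _, moved = ci_checkout_pinned(repo, "pr-123", approved)
    return {
        "approved": approved,
        "reviewed": reviewed,
        "late_push": late,
        "vulnerable_builds": vuln_id,
        "vulnerable_ran_unreviewed": vuln_id != approved,
        "pinned_builds": pin_id,
        "branch_moved": moved,
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

In a real Jenkins job the same split is between checking out a mutable ref such as a PR branch and recording the head commit SHA at the moment the build is authorized, then handing that SHA to the checkout step (with the git plugin, a `GitSCM` checkout whose `branches` entry is the SHA rather than a branch name), so that nothing pushed after the approval can reach the agent.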

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 01 May 2025 05:45:08 +0000


Cyber News related to Hijacking NodeJS' Jenkins Agents For Remote Code Execution

CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability - Last Wednesday, on January 24, 2024, the Jenkins team issued a security advisory disclosing a critical vulnerability, CVE-2024-23897, affecting the Jenkins CI/CD tool. This advisory set off alarm bells among the infosec community because the ...
1 year ago Securityboulevard.com CVE-2024-23897 CVE-2023-23897
PoC Exploits Heighten Risks Around Critical New Jenkins Vuln - Internet-exposed Jenkins servers remain unpatched against a critical, recently disclosed arbitrary file-read vulnerability for which proof-of-exploit code is now publicly available. CVE-2024-23897 affects the built-in Jenkins command line interface ...
1 year ago Darkreading.com CVE-2024-23897
Google Unveils A2A Protocol That Enables AI Agents to Collaborate to Automate Workflows - The protocol is built on five key design principles: embracing agentic capabilities that allow agents to collaborate in unstructured modalities, building on existing standards like HTTP and JSON-RPC, ensuring security by default with enterprise-grade ...
2 weeks ago Cybersecuritynews.com
Attackers Can Bypass Windows Security Using New DLL Hijacking - Threat actors using the DLL Hijacking technique for persistence have been the order of the day and have been utilized in several attacks. This attack method allows bypassing the privilege requirement for executing certain malicious codes on the ...
1 year ago Cybersecuritynews.com
Epik, the Far-Right's Favorite Web Host, Has a Shadowy New Owner - A technology company that has been essential in keeping far-right and extremist websites online was acquired last year by a firm that operates an empire of shell companies across the United States, according to people familiar with the deal. Epik.com ...
1 year ago Wired.com
New Stealthy Malware 'Waiting Thread Hijacking' Technique Bypasses Modern Defenses - Unlike traditional thread hijacking, which requires suspending and resuming threads using easily monitored APIs like SuspendThread and ResumeThread, WTH targets threads already in a waiting state, eliminating the need for suspicious thread ...
2 weeks ago Cybersecuritynews.com
Exploits released for critical Jenkins RCE flaw, patch now - Multiple proof-of-concept exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. ...
1 year ago Bleepingcomputer.com CVE-2024-23897 CVE-2024-23898
AI models can be weaponized to hack websites on their own (The Register) - AI models, the subject of ongoing safety concerns about harmful and biased output, pose a risk beyond content emission. When wedded with tools that enable automated interaction with other systems, they can act on their own as malicious agents. ...
1 year ago Go.theregister.com
Microsoft Unveils New Security Copilot Agents & Protections for AI - The Alert Triage Agents in Microsoft Purview prioritize data loss prevention and insider risk incidents, while the Conditional Access Optimization Agent in Microsoft Entra identifies security gaps in identity protection policies. Additional Microsoft ...
1 month ago Cybersecuritynews.com
Critical Jenkins Vulnerability Leads to Remote Code Execution - A critical vulnerability in the built-in command line interface of Jenkins allows attackers to obtain cryptographic keys that can be used to execute arbitrary code remotely. Unauthenticated attackers could exploit the security defect to read the ...
1 year ago Securityweek.com CVE-2024-23897 CVE-2024-23904
45k Jenkins servers exposed to RCE attacks using public exploits - Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution flaw for which multiple public proof-of-concept exploits are in circulation. Jenkins is a leading open-source ...
1 year ago Bleepingcomputer.com CVE-2023-23897
Key Breakthroughs from RSA Conference 2025 - Day 1 - Sumo Logic unveiled intelligent security operations with capabilities like detection-as-code (bringing DevSecOps to threat detection), UEBA historical baselining (improving accuracy by learning behavior over time), multiple threat intelligence feeds, ...
19 hours ago Cybersecuritynews.com Inception
Side-by-Side with HelloJackHunter: Unveiling the Mysteries of WinSxS - As we know, Dynamic-link library(DLL) Side loading / DLL Hijacking is nothing new, nor is Windows Side-by-Side; however, side loading is handy from an adversarial tradecraft perspective, be it for establishing initial access, persistence, privilege ...
11 months ago Blog.zsec.uk Equation
CVE-2021-21413 - isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the ...
4 years ago
New DLL Search Order Hijacking Variant Evades Windows 10 and 11 Protections - Security researchers have outlined a fresh variant of a dynamic link library search order hijacking technique, potentially enabling threat actors to circumvent security measures and execute malicious code on computers running Microsoft Windows 10 and ...
1 year ago Cysecurity.news
Multiple Jenkins Plugin Vulnerabilities Let Attackers Access Sensitive Information - Eight distinct vulnerabilities have been observed across Jenkins core and various plugins that could allow attackers to access sensitive information, obtain encrypted secrets, and potentially execute arbitrary code on affected systems. To minimize exposure to ...
3 weeks ago Cybersecuritynews.com CVE-2024-23897
CVE-2022-36127 - A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that have this agent installed to be unavailable if the OAP is unhealthy and the NodeJS agent can't establish the connection. ...
2 years ago
CVE-2025-24791 - snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write ...
3 months ago Tenable.com
Jenkins Docker Images Vulnerability Let Attackers Insert Themselves in Network Path - The vulnerability, disclosed in a Jenkins Security Advisory on April 10, 2025, affects SSH host key handling in certain Docker images and could allow attackers to execute man-in-the-middle attacks against Jenkins build environments. The vulnerability ...
2 weeks ago Cybersecuritynews.com
Review: Top 5 For Outsourced Customer Service Solutions UK and Abroad - For companies that have too many phone calls and emails to keep up, it is very common to outsource your customer services, either domestically in the UK or abroad to the likes of India or The Philippines. An outsourced customer service firm can ...
10 months ago Itsecurityguru.org
Multiple Jenkins Vulnerabilities Let Attackers Expose Secrets - CloudBees credited Antoine Ruffino, Daniel Beck, and XBOW for discovering these issues, reaffirming the critical role of ...
1 month ago Cybersecuritynews.com
CI/CD at Risk as Exploits Released For Critical Jenkins Bug - Software developers have been told to urgently patch their Jenkins servers after exploits were published for a new critical vulnerability in the product. Even those without these permissions would be able to read the first few lines of files, ...
1 year ago Infosecurity-magazine.com CVE-2024-23897 CVE-2024-23898
CVE-2019-1003023 - A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, ...
1 year ago
CVE-2019-1003013 - A cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, ...
1 year ago