Hijacking NodeJS' Jenkins Agents For Remote Code Execution

Security researchers recently uncovered a critical vulnerability in Node.js’s continuous integration infrastructure that allowed attackers to execute malicious code on internal Jenkins agents, potentially leading to a devastating supply chain attack. Even more concerning, Node.js’s internal investigation revealed that a similar vulnerability existed in their “commit-queue” process, which could have allowed attackers to inject malicious code directly into the main branch, potentially enabling a supply chain attack affecting all Node.js users. The vulnerability allowed attackers to bypass security checks and execute arbitrary code on internal Jenkins agents that build and test the world’s most popular JavaScript runtime environment. “The core issue stems from a Time-of-Check-Time-of-Use (TOCTOU) vulnerability between initiating a CI build and the moment the Jenkins job checks out the code,” explained Node.js’s Technical Steering Committee in their disclosure. Security firm Praetorian revealed on April 30, 2025, that they had discovered serious security gaps in Node.js’s CI/CD pipeline architecture. The Node.js team has earned praise for their transparent handling of the incident and comprehensive remediation efforts, demonstrating a commitment to security that sets an example for open-source projects worldwide.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 01 May 2025 05:45:08 +0000

Cyber News related to Hijacking NodeJS' Jenkins Agents For Remote Code Execution

CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability - Last Wednesday, on January 24, 2024, the Jenkins team issued a security advisory disclosing a critical vulnerability, CVE-2024-23897, affecting the Jenkins CI/CD tool. This advisory set off alarm bells among the infosec community because the ...
1 year ago Securityboulevard.com CVE-2024-23897 CVE-2023-23897

SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are - SquareX’s research reveals that Browser AI Agents are more likely tofall prey to cyberattacks than employees, making them the new weakest link that enterprisesecurity teams need to look out for. Moreimportantly, employees using Browser AI Agents ...
1 month ago Cybersecuritynews.com

PoC Exploits Heighten Risks Around Critical New Jenkins Vuln - Internet-exposed Jenkins servers remain unpatched against a critical, recently disclosed arbitrary file-read vulnerability for which proof-of-exploit code is now publicly available. CVE-2024-23897 affects the built-in Jenkins command line interface ...
1 year ago Darkreading.com CVE-2024-23897

New Stealthy NodeJS Backdoor Infects Users via CAPTCHA Verifications - This campaign represents a growing trend of threat actors exploiting seemingly legitimate security measures to distribute malicious code, targeting users who are accustomed to completing CAPTCHA challenges during their regular online activities. When ...
3 months ago Cybersecuritynews.com

Google Unveils A2A Protocol That Enable AI Agents Collaborate to Automate Workflows - The protocol is built on five key design principles: embracing agentic capabilities that allow agents to collaborate in unstructured modalities, building on existing standards like HTTP and JSON-RPC, ensuring security by default with enterprise-grade ...
3 months ago Cybersecuritynews.com

Hijacking NodeJS' Jenkins Agents For Remote Code Execution - Security researchers recently uncovered a critical vulnerability in Node.js’s continuous integration infrastructure that allowed attackers to execute malicious code on internal Jenkins agents, potentially leading to a devastating supply chain ...
3 months ago Cybersecuritynews.com

Attackers Can Bypass Windows Security Using New DLL Hijacking - Threat actors using the DLL Hijacking technique for persistence have been the order of the day and have been utilized in several attacks. This attack method allows bypassing the privilege requirement for executing certain malicious codes on the ...
1 year ago Cybersecuritynews.com

Epik, the Far-Right's Favorite Web Host, Has a Shadowy New Owner - A technology company that has been essential in keeping far-right and extremist websites online was acquired last year by a firm that operates an empire of shell companies across the United States, according to people familiar with the deal. Epik.com ...
1 year ago Wired.com

Exploits released for critical Jenkins RCE flaw, patch now - Multiple proof-of-concept exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. ...
1 year ago Bleepingcomputer.com CVE-2024-23897 CVE-2024-23898

New Stealthy Malware 'Waiting Thread Hijacking' Technique Bypasses Modern Defenses - Unlike traditional thread hijacking, which requires suspending and resuming threads using easily monitored APIs like SuspendThread and ResumeThread, WTH targets threads already in a waiting state, eliminating the need for suspicious thread ...
3 months ago Cybersecuritynews.com

AI models can be weaponized to hack websites on their own The Register - AI models, the subject of ongoing safety concerns about harmful and biased output, pose a risk beyond content emission. When wedded with tools that enable automated interaction with other systems, they can act on their own as malicious agents. ...
1 year ago Go.theregister.com

Microsoft Unveils New Security Copilot Agents & Protections for AI - The Alert Triage Agents in Microsoft Purview prioritize data loss prevention and insider risk incidents, while the Conditional Access Optimization Agent in Microsoft Entra identifies security gaps in identity protection policies. Additional Microsoft ...
4 months ago Cybersecuritynews.com

Critical Jenkins Vulnerability Leads to Remote Code Execution - A critical vulnerability in the built-in command line interface of Jenkins allows attackers to obtain cryptographic keys that can be used to execute arbitrary code remotely. Unauthenticated attackers could exploit the security defect to read the ...
1 year ago Securityweek.com CVE-2024-23897 CVE-2024-23904

45k Jenkins servers exposed to RCE attacks using public exploits - Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution flaw for which multiple public proof-of-concept exploits are in circulation. Jenkins is a leading open-source ...
1 year ago Bleepingcomputer.com CVE-2023-23897

Key Breakthroughs from RSA Conference 2025 - Day 1 - Sumo Logic unveiled intelligent security operations with capabilities like detection-as-code (bringing DevSecOps to threat detection), UEBA historical baselining (improving accuracy by learning behavior over time), multiple threat intelligence feeds, ...
3 months ago Cybersecuritynews.com Inception

New Slopsquatting Attack Leverage Coding Agents Workflows to Deliver Malware - Researchers have identified a sophisticated new supply-chain threat targeting AI-powered development workflows, where malicious actors exploit coding agents‘ tendency to “hallucinate” non-existent package names to distribute ...
1 month ago Cybersecuritynews.com

Side-by-Side with HelloJackHunter: Unveiling the Mysteries of WinSxS - As we know, Dynamic-link library(DLL) Side loading / DLL Hijacking is nothing new, nor is Windows Side-by-Side; however, side loading is handy from an adversarial tradecraft perspective, be it for establishing initial access, persistence, privilege ...
1 year ago Blog.zsec.uk Equation

CVE-2021-21413 - isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the ...
4 years ago

Multiple Jenkins Plugin Vulnerability Let Attackers Access Sensitive Information - Eight distinct vulnerabilities observed across Jenkins core and various plugins that could allow attackers to access sensitive information, obtain encrypted secrets, and potentially execute arbitrary code on affected systems. To minimize exposure to ...
4 months ago Cybersecuritynews.com CVE-2024-23897

New DLL Search Order Hijacking Variant Evades Windows 10 and 11 Protections - Security researchers have outlined a fresh variant of a dynamic link library search order hijacking technique, potentially enabling threat actors to circumvent security measures and execute malicious code on computers running Microsoft Windows 10 and ...
1 year ago Cysecurity.news

Jenkins Docker Images Vulnerability Let Attackers Insert Themselves in Network Path - The vulnerability, disclosed in a Jenkins Security Advisory on April 10, 2025, affects SSH host key handling in certain Docker images and could allow attackers to execute man-in-the-middle attacks against Jenkins build environments. The vulnerability ...
3 months ago Cybersecuritynews.com

Multiple Jenkins Vulnerability Let Attackers Expose Secrets - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. CloudBees credited Antoine Ruffino, Daniel Beck, and XBOW for discovering these issues, reaffirming the critical role of ...
5 months ago Cybersecuritynews.com

CVE-2022-36127 - A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection. ...
3 years ago

CVE-2025-24791 - snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write ...
6 months ago Tenable.com

CVE-2025-54128 - HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy (CSP). This configuration is insecure for a production ...
2 weeks ago