45k Jenkins servers exposed globally due to CVE-2024-23897 (CVSS 9.8) vulnerability

Post author: Vinith Sengunthar
Post date: February 1, 2024

Overview

More than 45,000 Jenkins servers are exposed due to the security vulnerability CVE-2024-23897, which has been assigned a critical CVSS score of 9.8. The impact on businesses is global: 15,806 exposed instances are in the US, 11,955 in China, 3,572 in India, 2,204 in the Republic of Korea, 1,482 in France, and 1,179 in the UK. Exploits were first made public on 26 January; fixes for the file read problem shipped in versions 2.442 and LTS 2.426.3. Security experts are currently working on effective patches for this vulnerability.

Jenkins is a renowned open-source automation server for Continuous Integration and Continuous Development (CI/CD). It eases the building, testing, and deployment processes for developers, with extensive plugin support for organizations of varied sizes.

Technical Dissection

Through exploitation of this vulnerability, attackers can execute arbitrary command line interface (CLI) commands, giving them access to arbitrary files on the file system of the Jenkins controller. The vulnerability emerged because the CLI's command parser automatically replaces an argument consisting of the '@' character followed by a file path with the contents of that file. What makes it dangerous is that this behaviour is enabled by default on the Jenkins controller. Attackers can read at least the first few lines of any file, and in some cases entire files. Currently, there are multiple active exploits.
It may also increase the possibility of Remote Code Execution attacks through manipulation of Resource Root URLs, and it leads to exposure of sensitive data of different types, including SSH keys, credentials, source code, build artifacts, and binary secrets. Additionally, attackers can decrypt or delete items, including secrets, and download Java heap dumps.

SharkStriker's recommendations and implemented measures

We highly recommend disabling the CLI wherever patches cannot be applied. This prevents attackers from exploiting Jenkins and does not require restarting it. Admins should also check three key configurations that prevent unauthenticated users from obtaining read permissions:

- Disable the "Allow anonymous read access" setting in the authorization configuration.
- Disable "Logged-in users can do anything", as it lets attackers read files whenever they want.
- Disable "Allow users to sign up" to prevent unauthorized parties from creating new accounts.

To learn more about the vulnerability, read the official Jenkins security advisory.

The following are some of the general measures we have implemented to ensure the security of all our clients and partners:

- We implemented continuous monitoring of the IT infrastructure, which proactively detects and responds to suspicious activities and threats.
- We have analyzed and treated all the vulnerabilities with Indicators of Compromise provided by CISA, before any operational disruption caused by a cyber-attack.
- For early detection and a quick, precise response to threats, we have configured detection mechanisms according to best practices.
- Through STRIEGO's dashboards, our customers can easily check the status of their cybersecurity posture.
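As an added example (not code from the original post, from SharkStriker, or from the Jenkins project), the following Python performs two of the defensive checks this post describes offline: classifying a Jenkins version string against the fixed releases 2.442 and LTS 2.426.3, and auditing a controller's config.xml for the three settings the recommendations above say to disable. The element and class names are the ones Jenkins writes to $JENKINS_HOME/config.xml; the sample file is constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

FIXED_WEEKLY = (2, 442)     # first fixed weekly release named in the post
FIXED_LTS = (2, 426, 3)     # first fixed LTS release named in the post

def parse_version(version: str) -> tuple:
    """Parse a Jenkins version string (X-Jenkins header or config.xml) into an int tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised Jenkins version: {version!r}")
    return tuple(int(p) for p in m.groups() if p is not None)

def is_vulnerable_version(version: str) -> bool:
    """LTS versions have three components (2.426.2), weekly two (2.441); compare each to its own fix."""
    parsed = parse_version(version)
    fixed = FIXED_LTS if len(parsed) == 3 else FIXED_WEEKLY
    return parsed < fixed

def audit_config_xml(xml_text: str) -> list:
    """List an unfixed version plus any of the three settings the post says to disable."""
    root = ET.fromstring(xml_text)
    findings = []
    version = root.findtext("version")
    if version and is_vulnerable_version(version):
        findings.append(f"Jenkins {version} predates the fixed release")
    authz = root.find("authorizationStrategy")
    authz_class = authz.get("class", "") if authz is not None else ""
    if authz_class.endswith("FullControlOnceLoggedInAuthorizationStrategy"):
        findings.append("'Logged-in users can do anything' is enabled")
        if authz.findtext("denyAnonymousReadAccess", "false").lower() != "true":
            findings.append("'Allow anonymous read access' is enabled")
    elif authz_class.endswith("AuthorizationStrategy$Unsecured"):
        findings.append("'Anyone can do anything' is enabled (includes anonymous read)")
    realm = root.find("securityRealm")
    if realm is not None and realm.get("class", "").endswith("HudsonPrivateSecurityRealm"):
        if realm.findtext("disableSignup", "false").lower() != "true":
            findings.append("'Allow users to sign up' is enabled")
    return findings

# Constructed sample config.xml: an unfixed weekly release with all three weak settings.
SAMPLE_CONFIG = """<hudson>
  <version>2.441</version>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>false</denyAnonymousReadAccess>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>false</disableSignup>
  </securityRealm>
</hudson>"""
```

Run `audit_config_xml` over the controller's real config.xml; an empty result means the version is fixed and none of the three settings is in its weak state.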