Critical Jenkins Vulnerability Used in Ransomware Attacks Alerted by CISA


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a serious security vulnerability impacting Jenkins to its list of known exploited vulnerabilities (KEV) after it was utilized in ransomware attacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a severe security issue affecting Jenkins to its list of known exploited vulnerabilities (KEV) after it was used in ransomware attacks. The vulnerability is a path-traversal weakness that could result in code execution. It is tracked as CVE-2024-23897 (CVSS score: 9.8). “Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution,” CISA warned in a statement.

Security researchers from Sonar initially discovered it in January 2024, and Jenkins fixed it in versions 2.442 and LTS 2.426.3 by disabling the command parser feature. In March of last year, Trend Micro reported that it had observed multiple attack attempts originating from Germany, Singapore, and the Netherlands. It also reported that it had found cases where remote code execution exploits for the vulnerability were being actively traded.

In recent weeks, CloudSEK and Juniper Networks have publicly disclosed cyberattacks that exploited CVE-2024-23897 in the wild to compromise BORN Group and Brontoo Technology Solutions. The RansomExx ransomware gang and the threat actor IntelBroker have been identified as the perpetrators of the attacks, respectively.

According to CloudSEK, “CVE-2024-23897 is an unauthenticated LFI vulnerability that lets attackers read any files on the Jenkins server.” “This vulnerability arises from improper input validation, enabling ransomware attackers to manipulate specific parameters and trick the server into accessing and displaying the contents of sensitive files.” In light of the active exploitation of the vulnerability, Federal Civilian Executive Branch (FCEB) entities have until September 9, 2024, to deploy the remedies and secure their networks against active threats.
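The article names the fixed releases (weekly 2.442 and LTS 2.426.3) and a remediation deadline, so the practical question for a defender is which Jenkins instances in an estate still need the patch. The following is an added example, not code from the article, CISA, CloudSEK or the Jenkins project. It encodes those two fixed versions, distinguishes the two-component weekly line from the three-component LTS line, and reads the version Jenkins advertises in its X-Jenkins response header. The sample headers are constructed, and the hostnames are placeholders; it does not touch the CLI or the vulnerable code path at all, it only compares version numbers.

```python
"""Patch-compliance check for CVE-2024-23897 (Jenkins CLI path traversal).

Added example, not from the article or the Jenkins project. Fixed versions
are the ones the article names: weekly 2.442 and LTS 2.426.3. Jenkins
returns its version in the "X-Jenkins" response header; the header values
below are constructed samples, not captured from any real server.
"""
import re

# Jenkins weekly releases use two components (2.442); LTS releases use
# three (2.426.3). Anything older than these on its own line needs the fix.
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Return a tuple of ints for a Jenkins version string, or None if malformed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)


def is_lts(version):
    """LTS versions carry a third component; weekly versions do not."""
    return len(version) == 3


def needs_patch(text):
    """True if the version predates the fix on its release line.

    Raises ValueError on an unparseable string so that a scanner never
    silently treats garbage as 'patched'.
    """
    v = parse_version(text)
    if v is None:
        raise ValueError(f"unrecognised Jenkins version: {text!r}")
    # Tuple comparison is lexicographic, which matches how the release
    # lines are ordered (2.426.2 < 2.426.3, 2.441 < 2.442, 2.440.1 > 2.426.3).
    return v < FIXED_LTS if is_lts(v) else v < FIXED_WEEKLY


def version_from_headers(headers):
    """Return the X-Jenkins header value (case-insensitive lookup) or None."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value.strip()
    return None


def triage(headers):
    """Classify one server's response headers: 'vulnerable', 'patched' or 'unknown'."""
    version = version_from_headers(headers)
    if version is None:
        return "unknown"
    try:
        return "vulnerable" if needs_patch(version) else "patched"
    except ValueError:
        return "unknown"


# Constructed sample responses; hostnames are placeholders.
SAMPLE_HEADERS = {
    "ci-a.example": {"Server": "Jetty(10.0.18)", "X-Jenkins": "2.426.2"},  # LTS, pre-fix
    "ci-b.example": {"Server": "Jetty(10.0.18)", "X-Jenkins": "2.426.3"},  # LTS, fixed
    "ci-c.example": {"X-Jenkins": "2.441"},                                # weekly, pre-fix
    "ci-d.example": {"X-Jenkins": "2.442"},                                # weekly, fixed
    "ci-e.example": {"Server": "nginx"},                                   # not Jenkins, or header hidden
}

if __name__ == "__main__":
    for host, hdrs in SAMPLE_HEADERS.items():
        print(f"{host}: {triage(hdrs)}")
```

An instance reported as "unknown" still needs a manual look: a reverse proxy may strip the X-Jenkins header, and a missing header says nothing about the version actually running. The check is a proxy for patch status, not a test of whether the CLI is reachable.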
