Defenseless Jenkins servers: new PoC exploits are already being actively used

Brother

The publication of Jenkins patches provoked numerous attempts to hijack systems.

Several proof-of-concept (PoC) exploits for a critical Jenkins vulnerability that allows an unauthenticated attacker to read arbitrary files have become publicly available, and cybercriminals are already actively using the flaw in attacks.

On January 24, 2024, Jenkins released fixes for 9 security vulnerabilities and published an advisory describing various attack scenarios and exploitation paths, along with patch descriptions and possible workarounds for those who cannot apply the updates.

Among the patched vulnerabilities, the critical CVE-2024-23897 stands out in particular: it makes it possible to read arbitrary files on the file system of the Jenkins controller and can lead to Remote Code Execution (RCE).

With extensive information about the Jenkins flaws available, many security researchers have reproduced certain attack scenarios and created working PoC exploits for the specified flaw, published on GitHub [Some of them: 1 and 2 ]. The PoCs have already been verified to work, so attackers scanning for exposed servers are actively trying these attack scenarios with minimal or no changes. Some researchers report that their Jenkins honeypots have already been attacked, suggesting that hackers have started exploiting the vulnerability.