topic 45k Jenkins servers exposed to RCE attacks using public exploits in Threats https://community.isc2.org/t5/Threats/45k-Jenkins-servers-exposed-to-RCE-attacks-using-public-exploits/m-p/66764#M1062 <P>Dear all,</P><P>&nbsp;</P><P>Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.</P><P>Jenkins is a leading open-source automation server for CI/CD, allowing developers to streamline the building, testing, and deployment processes. It features extensive plugin support and serves organizations of various missions and sizes.</P><P>On January 24, 2024, the project released versions 2.442 and LTS 2.426.3 to fix CVE-2024-23897, an arbitrary file read problem that can lead to executing arbitrary command-line interface (CLI) commands.</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/45k-jenkins-servers-exposed-to-rce-attacks-using-public-exploits/?traffic_source=Connatix" target="_blank">https://www.bleepingcomputer.com/news/security/45k-jenkins-servers-exposed-to-rce-attacks-using-public-exploits/?traffic_source=Connatix</A></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 30 Jan 2024 19:33:56 GMT Kyaw_Myo_Oo 2024-01-30T19:33:56Z 45k Jenkins servers exposed to RCE attacks using public exploits https://community.isc2.org/t5/Threats/45k-Jenkins-servers-exposed-to-RCE-attacks-using-public-exploits/m-p/66764#M1062 <P>Dear all,</P><P>&nbsp;</P><P>Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.</P><P>Jenkins is a leading open-source automation server for CI/CD, allowing developers to streamline the building, testing, and deployment processes. It features extensive plugin support and serves organizations of various missions and sizes.</P><P>On January 24, 2024, the project released versions 2.442 and LTS 2.426.3 to fix CVE-2024-23897, an arbitrary file read problem that can lead to executing arbitrary command-line interface (CLI) commands.</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/45k-jenkins-servers-exposed-to-rce-attacks-using-public-exploits/?traffic_source=Connatix" target="_blank">https://www.bleepingcomputer.com/news/security/45k-jenkins-servers-exposed-to-rce-attacks-using-public-exploits/?traffic_source=Connatix</A></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 30 Jan 2024 19:33:56 GMT https://community.isc2.org/t5/Threats/45k-Jenkins-servers-exposed-to-RCE-attacks-using-public-exploits/m-p/66764#M1062 Kyaw_Myo_Oo 2024-01-30T19:33:56Z Re: 45k Jenkins servers exposed to RCE attacks using public exploits https://community.isc2.org/t5/Threats/45k-Jenkins-servers-exposed-to-RCE-attacks-using-public-exploits/m-p/66770#M1063 A big old distributed honey-net…:p Wed, 31 Jan 2024 00:37:33 GMT https://community.isc2.org/t5/Threats/45k-Jenkins-servers-exposed-to-RCE-attacks-using-public-exploits/m-p/66770#M1063 Early_Adopter 2024-01-31T00:37:33Z