Kyaw_Myo_Oo
Contributor III

45k Jenkins servers exposed to RCE attacks using public exploits

Dear all,

 

Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.

Jenkins is a leading open-source automation server for CI/CD, allowing developers to streamline the building, testing, and deployment processes. It features extensive plugin support and serves organizations of various missions and sizes.

On January 24, 2024, the project released versions 2.442 and LTS 2.426.3 to fix CVE-2024-23897, an arbitrary file read problem that can lead to executing arbitrary command-line interface (CLI) commands.

 

https://www.bleepingcomputer.com/news/security/45k-jenkins-servers-exposed-to-rce-attacks-using-publ...

 

 

Kyaw Myo Oo
Manager, CB BANK PCL
CCIE #58769 | PCNSE | CCSM | CISSP | PMP
1 Reply
Early_Adopter
Community Champion

A big old distributed honey-net…:p