CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw affecting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following evidence of its use in ransomware attacks.
The flaw, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal vulnerability in the Jenkins command-line interface that can be leveraged to achieve code execution.
CISA mentioned in a statement, “Jenkins Command Line Interface (CLI) features a path traversal vulnerability that grants attackers restricted read privileges to specific files, thereby leading to code execution.”
The vulnerability was first disclosed by security researchers at Sonar in January 2024 and was fixed in Jenkins 2.442 and LTS 2.426.3. The root cause lay in the CLI's command parser, which replaced any argument beginning with an "@" character followed by a file path with the contents of that file; the fix disables this feature, so an unauthenticated user can no longer make the server read arbitrary files by way of a crafted CLI argument.
Earlier this year, Trend Micro reported multiple attack attempts originating from the Netherlands, Singapore, and Germany, and noted that remote code execution exploits for the vulnerability were being actively traded.
More recent reports from CloudSEK and Juniper Networks described a series of attacks leveraging CVE-2024-23897 to breach organizations including BORN Group and Brontoo Technology Solutions.
The intrusions have been attributed to a threat actor known as IntelBroker and to the RansomExx ransomware group.

CloudSEK affirmed, “CVE-2024-23897 is an unauthenticated LFI vulnerability enabling malicious individuals to read arbitrary files on the Jenkins server. This vulnerability originates from inadequate input validation, allowing attackers to manipulate particular parameters and deceive the server into opening and showing contents of sensitive files.”
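To make the mechanism described above concrete, here is an added example (written for this article, not code from Jenkins, args4j or any of the reports cited) that models the "@file" argument expansion as it behaved before the fix, the same parser with expansion disabled as in 2.442 / LTS 2.426.3, and a small version check an administrator can use to triage an instance. The command set (`KNOWN_COMMANDS`), the exact error-message wording and the sample file contents are assumptions chosen for illustration; the file that is read is created in a temporary directory so the script runs offline.

```python
# Added example (not Jenkins or args4j code): a model of the CLI argument
# expansion behind CVE-2024-23897, the fixed behaviour, and a version check.
import os
import tempfile
from pathlib import Path

# Commands the modelled CLI knows about (assumption: a small subset, for illustration).
KNOWN_COMMANDS = {"help", "version", "who-am-i"}


def expand_at_files(args, expand):
    """Model of the '@file' expansion the Jenkins CLI parser performed.

    With expand=True (Jenkins before 2.442 / LTS 2.426.3) an argument of the
    form '@/path' is replaced by the lines of /path, one argument per line,
    so whoever controls an argument makes the server read that file.
    With expand=False (the fixed behaviour) the argument passes through unchanged.
    """
    result = []
    for arg in args:
        if expand and arg.startswith("@"):
            result.extend(Path(arg[1:]).read_text().splitlines())
        else:
            result.append(arg)
    return result


def cli_help(args, expand):
    """Model of a CLI command that echoes an unrecognised argument back in
    its error message. Returns the message the client would receive; with
    expansion on, that message carries the first line of the named file."""
    argv = expand_at_files(args, expand)
    if not argv:
        return "ERROR: missing command name"
    if argv[0] not in KNOWN_COMMANDS:
        return f"ERROR: No such command {argv[0]}"
    return "OK"


def is_fixed(version):
    """True if a Jenkins version string carries the CVE-2024-23897 fix.

    Weekly releases are 'major.minor' and are fixed from 2.442; LTS releases
    are 'major.minor.patch' and are fixed from 2.426.3.
    """
    parts = tuple(int(p) for p in version.split("."))
    if len(parts) == 2:
        return parts >= (2, 442)
    if len(parts) == 3:
        return parts >= (2, 426, 3)
    raise ValueError(f"unrecognised Jenkins version string: {version!r}")


# Constructed sample content standing in for a sensitive file on the server.
SAMPLE_SECRET = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
)


def demo():
    """Run the same attacker-supplied argument through both behaviours.

    Returns (vulnerable_reply, fixed_reply): the first leaks the file's first
    line, the second only echoes the literal '@...' argument back."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "passwd")
        Path(target).write_text(SAMPLE_SECRET)
        attacker_args = ["@" + target]
        return cli_help(attacker_args, expand=True), cli_help(attacker_args, expand=False)


if __name__ == "__main__":
    vulnerable, fixed = demo()
    print("before fix:", vulnerable)
    print("after fix: ", fixed)
    for v in ("2.441", "2.442", "2.426.2", "2.426.3", "2.440.1"):
        print(v, "fixed" if is_fixed(v) else "VULNERABLE")
```

Two caveats when using the version check in practice: the Jenkins advisory notes that administrators can re-enable the expansion on a fixed release by setting the Java system property `hudson.cli.CLICommand.allowAtSyntax` to `true`, so a patched version number alone does not prove the feature is off; and the check only covers the CVE-2024-23897 fix, not the other CLI hardening shipped in the same releases.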
In light of the ongoing exploitation, Federal Civilian Executive Branch (FCEB) agencies have until September 9, 2024, to apply the patches and secure their networks against active threats.