The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks.
The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution.
“Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution,” CISA said in a statement.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
It was first disclosed by Sonar security researchers in January 2024 and addressed in Jenkins versions 2.442 and LTS 2.426.3 by disabling the command parser feature.
Back in March, Trend Micro said it uncovered several attack instances originating from the Netherlands, Singapore, and Germany, and that it found instances where remote code execution exploits for the flaw were actively being traded.
In recent weeks, CloudSEK and Juniper Networks have revealed real-world attacks exploiting CVE-2024-23897 in the wild to infiltrate the companies BORN Group and Brontoo Technology Solutions.
The attacks have been attributed to threat actor known as IntelBroker and the RansomExx ransomware gang, respectively.
“CVE-2024-23897 is an unauthenticated LFI vulnerability that allows attackers to read arbitrary files on the Jenkins server,” CloudSEK said. “This vulnerability arises from improper input validation, enabling attackers to manipulate specific parameters and trick the server into accessing and displaying the contents of sensitive files.”
In light of the active exploitation of the vulnerability, Federal Civilian Executive Branch (FCEB) agencies have time till September 9, 2024, to apply the fixes and secure their networks against active threats.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia