Tag

Jenkins

All articles tagged with #jenkins

cybersecurity, 1 year ago

"45k Jenkins Servers at Risk of Remote Code Execution Attacks"

Approximately 45,000 Jenkins servers are vulnerable to a critical remote code execution (RCE) flaw, CVE-2024-23897, due to a feature that allows attackers to read arbitrary files on the Jenkins controller's file system. Multiple public proof-of-concept exploits are in circulation, dramatically elevating the risk for unpatched Jenkins servers. The exposure heatmap indicates a massive attack surface, with most vulnerable instances in China and the United States. Administrators are urged to apply security updates immediately or consult the Jenkins security bulletin for mitigation recommendations and potential workarounds.

cybersecurity, 1 year ago

"Urgent Patch Released for Critical Jenkins RCE Vulnerability"

Multiple proof-of-concept exploits have been released for a critical Jenkins vulnerability, allowing unauthenticated attackers to read arbitrary files and execute arbitrary CLI commands. SonarSource researchers discovered two flaws, one enabling data access and the other allowing arbitrary command execution. Jenkins has released fixes for the flaws, but researchers have already reproduced attack scenarios and created working PoC exploits, with reports of hackers actively exploiting the vulnerabilities in the wild.

software-security, 2 years ago

"Urgent Patch Required for Critical Jenkins Vulnerability"

Jenkins has resolved nine security flaws, including a critical bug (CVE-2024-23897) that could lead to remote code execution (RCE) through its built-in command line interface (CLI). Attackers could exploit this vulnerability to read arbitrary files on the Jenkins controller file system, potentially leading to various follow-on attacks. The flaw has been fixed in Jenkins 2.442 and LTS 2.426.3; a short-term workaround is recommended until the patch can be applied. This comes after Jenkins addressed severe security vulnerabilities last year.