"45k Jenkins Servers Exposed to RCE Attacks Using Public Exploits"

Security researchers at Shadowserver found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.

Jenkins is a leading open-source automation server for CI/CD that lets developers streamline building, testing, and deployment. On January 24, 2024, the project released versions 2.442 and LTS 2.426.3 to fix CVE-2024-23897, an arbitrary file read problem that can lead to executing arbitrary command-line interface (CLI) commands.

In the relevant security bulletin, Jenkins says that CVE-2024-23897 exposes unpatched instances to several potential attacks, including RCE, by manipulating Resource Root URLs or "Remember me" cookies, or by bypassing CSRF protection. Jenkins noted that, depending on the instance's configuration, attackers could decrypt stored secrets, delete items from Jenkins servers, and download Java heap dumps.

Most of the vulnerable internet-exposed instances are in China (12,000) and the United States (11,830), followed by Germany (3,060), India (2,681), France (1,431), and the UK (1,029).
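For defenders triaging their own estate against the fixed releases named above (2.442 and LTS 2.426.3), the following is an added example, not code from Jenkins, Shadowserver or the original article. It assumes that a three-part version string denotes the LTS line and a two-part string the weekly line; the host names and the inventory are constructed.

```python
import re

# Fixed releases as stated in the article above.
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)

# Plain numeric versions only: "2.441" (weekly) or "2.426.2" (LTS).
_VERSION = re.compile(r"^\d+(\.\d+){1,2}$")


def classify(version):
    """Return 'vulnerable', 'fixed' or 'unknown' for a Jenkins version string."""
    version = (version or "").strip()
    if not _VERSION.match(version):
        return "unknown"  # snapshots, custom builds, missing version
    # Compare as integer tuples: as a decimal, "2.99" would wrongly
    # look newer than "2.442".
    parts = tuple(int(p) for p in version.split("."))
    # Assumption: three components = LTS line, two = weekly line.
    fixed = FIXED_LTS if len(parts) == 3 else FIXED_WEEKLY
    return "vulnerable" if parts < fixed else "fixed"


def triage(inventory):
    """Group (host, version) pairs by status; unknowns need manual review."""
    report = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("ci-build-01.example.internal", "2.441"),
    ("ci-build-02.example.internal", "2.442"),
    ("ci-lts-01.example.internal", "2.426.2"),
    ("ci-lts-02.example.internal", "2.426.3"),
    ("ci-lts-03.example.internal", "2.440.1"),
    ("ci-old.example.internal", "2.375.4"),
    ("ci-dev.example.internal", "2.443-SNAPSHOT"),
    ("ci-proxy.example.internal", ""),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked by hand rather than assumed patched.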

 

BleepingComputer reports: "45k Jenkins Servers Exposed to RCE Attacks Using Public Exploits"

Submitted by Adam Ekwall on