"CISA Warns of Jenkins RCE Bug Exploited in Ransomware Attacks"

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Jenkins vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Exploiting this flaw enables Remote Code Execution (RCE). Jenkins is a popular open-source automation server that lets developers automate building, testing, and deploying software using Continuous Integration (CI) and Continuous Delivery (CD). The bug stems from a vulnerability in the args4j command parser that unauthenticated attackers can abuse to read arbitrary files on the Jenkins controller file system via the built-in Command Line Interface (CLI). This article continues to discuss CISA's warning regarding the critical Jenkins vulnerability.

BleepingComputer reports "CISA Warns of Jenkins RCE Bug Exploited in Ransomware Attacks"

Submitted by grigby1
