Exploits Published for Jenkins Automation Server
Two vulnerabilities to Jenkins, a widely utilized open-source automation server in software development, have recently been published and active exploitation has been reported.
Jenkins is commonly used in Continuous Integration (CI) and Continuous Deployment (CD) pipelines by developers to automate building, testing, and deploying applications. Immediate action should be taken due to the critical and high severity ratings of the flaws and the strong likelihood of exploitation.
Overview of Jenkins Vulnerabilities
Two significant vulnerabilities, CVE-2024-23897 and CVE-2024-23898, have been identified, posing severe risks to Jenkins installations worldwide. CVE-2024-23897, rated as critical, allows unauthenticated attackers with 'overall/read' permission to read arbitrary files on Jenkins servers. Even users without this permission can access the initial lines of files, depending on available CLI commands.
The flaw originates from the default behavior of the args4j command parser, which permits unauthorized reading of arbitrary files on the Jenkins controller file system. Proof of concepts for the vulnerability has been published (1, 2) and could be utilized by an attack to compromise vulnerable systems.
CVE-2024-23898, on the other hand, is a high severity cross-site WebSocket hijacking vulnerability, enabling attackers to execute arbitrary CLI commands by luring users into clicking malicious links.
Impact and Mitigations
Exploitation of these vulnerabilities could lead to admin privilege escalation, arbitrary remote code execution, and unauthorized access to sensitive data. Jenkins released a security advisory and fixes for the flaws in versions 2.442 and LTS 2.426.3 on January 24, 2024.
- Olivier Beg, Head of Hacking, 2024
- Immediate Patching: Organizations using Jenkins are strongly urged to update to the latest patched versions to mitigate the risks posed by these vulnerabilities.
- Awareness and Vigilance: With the availability of proof-of-concept exploits on platforms like GitHub, heightened awareness and vigilance against potential attacks are essential.
- External Exposure Management: Implementing external exposure management solutions can help identify vulnerabilities proactively, safeguarding systems against exploitation.
The severity of these vulnerabilities once again highlights the importance of maintaining up-to-date software and robust security measures to protect critical infrastructure from emerging threats. By implementing exposure management and identifying risks before they are exploited organizations can improve their security posture, get in touch with our experts to learn more.