The U.S. Cybersecurity and Infrastructure Safety Company (CISA) has added a crucial security flaw impacting Jenkins to its Recognized Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware assaults.
The vulnerability, tracked as CVE-2024-23897 (CVSS rating: 9.8), is a path traversal flaw that might result in code execution.
“Jenkins Command Line Interface (CLI) comprises a path traversal vulnerability that enables attackers restricted learn entry to sure information, which may result in code execution,” CISA stated in a press release.
It was first disclosed by Sonar security researchers in January 2024 and addressed in Jenkins variations 2.442 and LTS 2.426.3 by disabling the command parser characteristic.
Again in March, Development Micro stated it uncovered a number of assault situations originating from the Netherlands, Singapore, and Germany, and that it discovered situations the place distant code execution exploits for the flaw have been actively being traded.
In latest weeks, CloudSEK and Juniper Networks have revealed a collection of cyber assaults exploiting CVE-2024-23897 within the wild to infiltrate the businesses BORN Group and Brontoo Expertise Options.
The assaults have been attributed to menace actor often known as IntelBroker and the RansomExx ransomware gang, respectively.
“CVE-2024-23897 is an unauthenticated LFI vulnerability that enables attackers to learn arbitrary information on the Jenkins server,” CloudSEK stated. “This vulnerability arises from improper enter validation, enabling attackers to govern particular parameters and trick the server into accessing and displaying the contents of delicate information.”
In mild of the lively exploitation of the vulnerability, Federal Civilian Govt Department (FCEB) businesses have time until September 9, 2024, to use the fixes and safe their networks in opposition to lively threats.
