Thousands of Jenkins instances exposed following attack


News Snapshot:

Tens of thousands of Jenkins servers are vulnerable to a high-severity bug that can let remote threat actors run malicious code on the affected endpoints. The project recently released two patches addressing the vulnerability and is urging users to apply them immediately to avoid unnecessary risk. Jenkins is an open source automation server for CI/CD, with which developers automate building, testing and deploying software.

No evidence of abuse (yet)

Last week, the project released versions 2.442 and LTS 2.426.3, which address an arbitrary file read vulnerability tracked as CVE-2024-23897; depending on the instance's configuration, the file read can be leveraged into remote code execution. This vulnerability, BleepingComputer reports, already has multiple proof-of-concept (PoC) exploits in...
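A practical first step for anyone operating Jenkins is to establish which instances are below the fixed versions named above. The script below is an added example written for this page, not code from the Jenkins project or from the article's sources. It assumes only that a Jenkins instance reports its version in the X-Jenkins HTTP response header (which Jenkins does by default, though a reverse proxy may strip it), and it takes the fix thresholds straight from the article: weekly 2.442 and LTS 2.426.3. The hostnames and response headers it processes are constructed for illustration; no network requests are made.

```python
"""Triage Jenkins instances against the fix versions for CVE-2024-23897.

Fix thresholds come from the article: weekly 2.442, LTS 2.426.3. Weekly and
LTS releases are separate lines, so they are compared separately: LTS 2.440.1
is fixed even though 2.440 < 2.442, because it is a later LTS line than 2.426.3.
The sample responses at the bottom are constructed, not captured from real hosts.
"""
import re
from typing import Dict, Optional, Tuple

FIXED_WEEKLY = (2, 442)      # first fixed weekly release per the article
FIXED_LTS = (2, 426, 3)      # first fixed LTS release per the article

# Weekly releases look like 2.442; LTS releases carry a third component, 2.426.3.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(value: str) -> Optional[Tuple[int, ...]]:
    """Turn '2.442' into (2, 442) and '2.426.3' into (2, 426, 3); None if unrecognised."""
    m = _VERSION_RE.match(value.strip())
    if not m:
        return None
    parts = [int(m.group(1)), int(m.group(2))]
    if m.group(3) is not None:
        parts.append(int(m.group(3)))
    return tuple(parts)


def is_fixed(version: str) -> Optional[bool]:
    """True if the version carries the fix, False if it does not, None if unparseable."""
    v = parse_version(version)
    if v is None:
        return None
    if len(v) == 3:          # three components: LTS line
        return v >= FIXED_LTS
    return v >= FIXED_WEEKLY  # two components: weekly line


def triage_headers(headers: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Classify one HTTP response by its X-Jenkins header (case-insensitive lookup)."""
    version = next((val for key, val in headers.items() if key.lower() == "x-jenkins"), None)
    if version is None:
        return {"version": None, "status": "unknown (no X-Jenkins header; proxy may strip it)"}
    fixed = is_fixed(version)
    if fixed is None:
        return {"version": version, "status": "unknown (unrecognised version format)"}
    return {"version": version, "status": "patched" if fixed else "vulnerable"}


# Constructed sample responses (hypothetical hostnames), not captured from real hosts.
SAMPLE_RESPONSES = {
    "ci.example.test":    {"X-Jenkins": "2.426.2", "Server": "Jetty"},
    "build.example.test": {"X-Jenkins": "2.442"},
    "lts.example.test":   {"x-jenkins": "2.440.1"},
    "proxy.example.test": {"Server": "nginx"},
}


def triage_all(responses: Dict[str, Dict[str, str]] = SAMPLE_RESPONSES) -> Dict[str, str]:
    """Map each host to its triage status."""
    return {host: triage_headers(hdrs)["status"] for host, hdrs in responses.items()}


if __name__ == "__main__":
    for host, status in triage_all().items():
        print(f"{host}: {status}")
```

A host that comes back as "unknown" is not cleared: a missing header usually means a proxy in front of Jenkins, and the instance behind it still needs its version confirmed by other means (for example the Jenkins UI footer or the `/api/json` endpoint) before it is taken off the list.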