Software development: Malicious code attacks on Jenkins server observed
Attackers are currently exploiting a critical vulnerability in the Jenkins software system.
The US Cybersecurity & Infrastructure Security Agency (CISA) warns of attacks on Jenkins servers. Security updates are available for download.
Jenkins is an automation server used in software development; it ties together APIs and libraries to automate tasks such as build processes. According to the advisory, the vulnerability currently under active exploitation (CVE-2024-23897) is rated "critical".
Critical malicious code vulnerability
The vulnerability is located in the Command Line Interface (CLI). Using crafted requests, attackers can read data they are not authorized to access, such as cryptographic keys. Given further prerequisites, for example when the CLI WebSocket endpoint is reachable, attackers can go as far as pushing malicious code onto the system and executing it.
To secure systems, admins should install one of the following versions: 2.442, LTS 2.426.3 or LTS 2.440.1. If the security patches cannot be installed right away, admins should protect their systems by disabling CLI access until the update is in place.
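A quick way to triage an inventory of Jenkins servers against the fixed versions named above is to compare each instance's reported version with the first fixed release of its line. Jenkins reports its version in the X-Jenkins HTTP response header, so the values can be collected from a scanner or from the admin console. The script below is an added example, not code from the Jenkins project or the advisory; the host names and header values are constructed sample data, and the rule that three-component versions are LTS releases and two-component versions are weekly releases is the assumption it relies on.

```python
"""Classify Jenkins instances as patched or vulnerable to CVE-2024-23897
based on the fixed versions named in the advisory: 2.442 (weekly),
LTS 2.426.3 and LTS 2.440.1.

Assumption: LTS releases carry three version components (2.426.2),
weekly releases two (2.441). The inventory below is constructed sample data.
"""
import re
from typing import Dict, Optional, Tuple

FIXED_WEEKLY = (2, 442)     # first fixed weekly release
FIXED_LTS = (2, 426, 3)     # first fixed LTS release; 2.440.1 is later on the LTS line


def parse_version(header: str) -> Optional[Tuple[int, ...]]:
    """Turn an X-Jenkins value such as '2.426.2' or '2.441' into an int tuple.

    Returns None when the value does not look like a Jenkins version, so a
    non-Jenkins host or a stripped header is reported as 'unknown' rather
    than silently treated as patched.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", header.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)


def is_lts(version: Tuple[int, ...]) -> bool:
    """LTS versions have three components, weekly versions two (assumption)."""
    return len(version) == 3


def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """True when the version is below the first fixed release of its line."""
    if is_lts(version):
        return version < FIXED_LTS
    return version < FIXED_WEEKLY


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'patched', 'vulnerable' or 'unknown'.

    inventory maps a host name to the X-Jenkins header value it returned.
    """
    result = {}
    for host, header in inventory.items():
        version = parse_version(header)
        if version is None:
            result[host] = "unknown"
        elif is_vulnerable(version):
            result[host] = "vulnerable"
        else:
            result[host] = "patched"
    return result


# Constructed sample inventory (hosts and header values are made up).
SAMPLE_INVENTORY = {
    "ci-1.example.internal": "2.426.2",     # LTS, one release before the fix
    "ci-2.example.internal": "2.441",       # weekly, one release before the fix
    "ci-3.example.internal": "2.442",       # first fixed weekly
    "ci-4.example.internal": "2.440.1",     # fixed LTS
    "ci-5.example.internal": "not-jenkins", # header missing or not a Jenkins host
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:25s} {status}")
```

Hosts reported as "unknown" deserve a manual look rather than being dropped from the list; a reverse proxy that strips the header, or a hardened instance that hides its version, still needs to be patched or have its CLI disabled.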
According to scan results from the Shadowserver search engine, more than 28,000 Jenkins instances worldwide are vulnerable to the malicious code attack. In Germany, around 2,000 servers are affected.
Further threats
The Jenkins developers have also closed further vulnerabilities in the current versions. Among them is another flaw that allows attackers to inject malicious code (CVE-2024-23899, high). Insufficient checks also allow attackers to view credentials.
The developers provide further details on the remaining vulnerabilities and the security patches in their advisory.
(des)