August 20, 2024: CISA has added CVE-2024-23897, a critical Jenkins vulnerability, to its catalog of known exploited vulnerabilities. The flaw, in the Jenkins Command Line Interface (CLI), is a path traversal vulnerability that could lead to code execution. It carries a CVSS score of 9.8/10.
According to CISA, “Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to remote code execution.”
Attackers can exploit the command line interface vulnerability to escalate privileges to administrator status and display the contents of sensitive files by manipulating specific parameters and tricking the server into granting access.
Researchers have already found threat actors actively exploiting this flaw and have attributed attacks to the IntelBroker and RansomExx ransomware groups.
Mitigation
Users are advised to upgrade to Jenkins 2.442, LTS 2.426.3, or LTS 2.440.1 immediately. If an immediate upgrade is not possible, workarounds include disabling CLI access and preventing WebSocket access using a reverse proxy.
Federal Civilian Executive Branch (FCEB) agencies have until September 9th to apply recommended fixes to secure networks against threats stemming from this vulnerability.
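To check an inventory against the fixed releases listed above, the following added example (not SecuLore or Jenkins project code) classifies version strings. It assumes the Jenkins naming convention that weekly releases have two numeric components and LTS releases have three; the host names and versions in the sample inventory are constructed.

```python
import re

# Fixed releases named in the advisory above.
FIXED_WEEKLY = (2, 442)      # weekly line
FIXED_LTS = (2, 426, 3)      # LTS line; LTS 2.440.1 also compares >= this tuple

# Two components = weekly, three = LTS (assumed naming convention).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def classify(version):
    """Return 'fixed', 'upgrade' or 'unknown' for a Jenkins version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        # Snapshots, custom builds, empty values: needs a human to look.
        return "unknown"
    parts = tuple(int(p) for p in m.groups() if p is not None)
    # Weekly and LTS must be compared on their own lines: a naive tuple
    # comparison of LTS 2.440.1 against weekly 2.442 would wrongly flag it.
    floor = FIXED_LTS if len(parts) == 3 else FIXED_WEEKLY
    return "fixed" if parts >= floor else "upgrade"


def needs_action(inventory):
    """Return sorted (host, version, status) tuples for hosts not on a fixed release."""
    rows = [(h, v, classify(v)) for h, v in inventory.items()]
    return sorted(r for r in rows if r[2] != "fixed")


# Constructed sample inventory: host name -> reported Jenkins version.
SAMPLE_INVENTORY = {
    "ci-01.example.internal": "2.441",
    "ci-02.example.internal": "2.440.1",
    "ci-03.example.internal": "2.426.2",
    "ci-04.example.internal": "2.452",
    "ci-05.example.internal": "2.440-SNAPSHOT",
}

if __name__ == "__main__":
    for host, version, status in needs_action(SAMPLE_INVENTORY):
        print(f"{host}\t{version}\t{status}")
```

Hosts reported as `unknown` should be reviewed by hand rather than treated as fixed.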
Solutions
With any vulnerability that carries a high likelihood of exploitation and risk, it’s important to have a clear understanding of potential flaws within your network. Contact SecuLore for a Cyber Benchmark to get started on a cybersecurity risk assessment. The assessment helps determine vulnerabilities in your network and provides actionable recommendations, including immediate remediation options, based on real data captured from your network.
If you are concerned about this flaw impacting your network, contact SecuLore for more information on a monitoring option to detect malicious traffic attempting to exploit vulnerabilities on your network.
SecuLore CyberSight™ provides management of your attack surface and monitoring through our patented technology to detect vulnerabilities in your network and detect anomalous behavior. The technology passively captures all traffic on your network to identify threats that are often missed by other layers of security. The packet captures are sent to our Security Operations Center to be processed via a unique behavioral analysis that is constantly reviewed by our team of Certified Ethical Hackers (CEH).
Stay cyber-safe,
SecuLore Support Team