Critical Jenkins Flaw Exploited in UK Ransomware Attacks
CISA Issues Urgent Warning as Vulnerability Fuels Cybercrime
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a security flaw in Jenkins, a popular open-source automation server. The vulnerability, tracked as CVE-2024-23897, has been exploited in a series of ransomware attacks targeting UK organisations, prompting CISA to add it to its Known Exploited Vulnerabilities (KEV) catalog.
The flaw, classified as a path traversal vulnerability, allows attackers to gain limited read access to certain files, potentially leading to code execution. CISA's statement outlines the vulnerability, stating that "Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution."
Discovered by Sonar security researchers in January 2024, the vulnerability was addressed in Jenkins versions 2.442 and LTS 2.426.3 by disabling the command parser feature. Despite the availability of patches, recent attacks demonstrate that exploitation of the vulnerability is ongoing.
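A defender's version-triage helper, added here as an example and not code from the article, CISA or the Jenkins project: it applies the fix thresholds the article states (weekly 2.442, LTS 2.426.3) to a constructed inventory of hostnames and reported versions, distinguishing the two-component weekly line from the three-component LTS line so that a later LTS such as 2.440.1 is correctly treated as fixed.

```python
"""Triage Jenkins versions against the CVE-2024-23897 fix (added example)."""
from typing import Iterable
# Fix thresholds as stated in the article. Weekly releases use two
# components (2.441); LTS releases use three (2.426.2).
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)

def parse_version(text: str) -> tuple[int, ...]:
    """'2.426.2' -> (2, 426, 2); reject anything but 2 or 3 integer parts."""
    parts = text.strip().split(".")
    if len(parts) not in (2, 3) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Jenkins version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(version: str) -> bool:
    """True if the version predates the release that disabled the CLI parser."""
    v = parse_version(version)
    threshold = FIXED_LTS if len(v) == 3 else FIXED_WEEKLY
    return v < threshold

def triage(inventory: Iterable[str]) -> dict[str, list[str]]:
    """Bucket 'host version' lines into affected / fixed / unknown hosts."""
    result: dict[str, list[str]] = {"affected": [], "fixed": [], "unknown": []}
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        host, _, version = line.partition(" ")
        try:
            bucket = "affected" if is_affected(version) else "fixed"
        except ValueError:
            bucket = "unknown"  # needs a manual look, never silently "fixed"
        result[bucket].append(host)
    return result

# Constructed sample inventory (made-up hosts; version as in the X-Jenkins header).
SAMPLE_INVENTORY = [
    "ci-build-01 2.426.2",   # LTS, one release before the fix
    "ci-build-02 2.426.3",   # LTS, first fixed release
    "ci-weekly-01 2.441",    # weekly, one release before the fix
    "ci-weekly-02 2.442",    # weekly, first fixed release
    "ci-lts-new 2.440.1",    # later LTS line, already fixed
    "ci-broken 2.x",         # unparsable, lands in 'unknown'
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Unparsable versions are deliberately reported as unknown rather than fixed, so a malformed inventory entry cannot hide an unpatched controller.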
Trend Micro reported several attack instances originating from the Netherlands, Singapore, and Germany in March 2024, noting the active trade of remote code execution exploits for the flaw. Further investigations by CloudSEK and Juniper Networks have revealed a series of cyber attacks exploiting CVE-2024-23897 in the wild, targeting UK companies BORN Group and Brontoo Technology Solutions.
These attacks have been attributed to threat actors known as IntelBroker and the RansomExx ransomware gang, respectively. CloudSEK highlights the severity of the vulnerability, stating, "CVE-2024-23897 is an unauthenticated LFI vulnerability that allows attackers to read arbitrary files on the Jenkins server. This vulnerability arises from improper input validation, enabling attackers to manipulate specific parameters and trick the server into accessing and displaying the contents of sensitive files."
CISA's alert calls for immediate action, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by 9 September 2024 to secure their networks against these active threats. The agency emphasises the importance of patching systems promptly to mitigate the risk of exploitation.
The exploitation of this critical Jenkins vulnerability underscores the ongoing threat posed by ransomware attacks. Organisations are encouraged to prioritise security updates, implement robust security measures, and stay informed about emerging threats to protect themselves from such cyberattacks.
This article aims to provide accurate and neutral information, focusing on the importance of security updates and the potential impact of vulnerabilities. It highlights the ongoing threat posed by ransomware and the need for organisations to take proactive steps to protect their systems.