Tag

Jenkins

All articles tagged with #jenkins

sports, 1 month ago

Steelers nab Pittman Jr. as Ravens pull back on RB market and Packers release OL Jenkins

The Steelers trade for Michael Pittman Jr. from the Colts, a move sparked by Pittman’s wife dreaming he’d wear a Steelers jersey. The Ravens won’t tender running back Keaton Mitchell, potentially opening him to free agency. The Packers release offensive lineman Elgton Jenkins as Isaac Seumalo signs with the Cardinals, leaving Pittsburgh with OL questions and perhaps eyeing Jenkins as a target.

cybersecurity, 2 years ago

"45k Jenkins Servers at Risk of Remote Code Execution Attacks"

Approximately 45,000 Jenkins servers are vulnerable to a critical remote code execution (RCE) flaw, CVE-2024-23897, due to a feature that allows attackers to read arbitrary files on the Jenkins controller's file system. Multiple public proof-of-concept exploits are in circulation, dramatically elevating the risk for unpatched Jenkins servers. The exposure heatmap indicates a massive attack surface, with most vulnerable instances in China and the United States. Administrators are urged to apply security updates immediately or consult the Jenkins security bulletin for mitigation recommendations and potential workarounds.

cybersecurity, 2 years ago

"Urgent Patch Released for Critical Jenkins RCE Vulnerability"

Multiple proof-of-concept exploits have been released for a critical Jenkins vulnerability, allowing unauthenticated attackers to read arbitrary files and execute arbitrary CLI commands. SonarSource researchers discovered two flaws, one enabling data access and the other allowing arbitrary command execution. Jenkins has released fixes for the flaws, but researchers have already reproduced attack scenarios and created working PoC exploits, with reports of hackers actively exploiting the vulnerabilities in the wild.

software-security, 2 years ago

"Urgent Patch Required for Critical Jenkins Vulnerability"

Jenkins has resolved nine security flaws, including a critical bug (CVE-2024-23897) that could lead to remote code execution (RCE) through its built-in command line interface (CLI). Attackers could exploit this vulnerability to read arbitrary files on the Jenkins controller file system, potentially leading to various attacks. The flaw has been fixed in Jenkins 2.442 and LTS 2.426.3, and a short-term workaround is recommended until the patch can be applied. This comes after Jenkins addressed severe security vulnerabilities last year.