The US Cybersecurity and Infrastructure Security Agency (CISA) has added critical security flaw that affects known Jenkins exploited vulnerabilities (KEV) directory after its use in ransomware attacks.
Vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that can lead to code execution.
“The Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that could allow an attacker to restrict read access to certain files, which could lead to code execution,” CISA said in a statement.
It was the first opened By Sonar security researchers in January 2024 and addressed in Jenkins 2.442 and LTS 2.426.3 by disabling the Command Analyzer feature.
Back in March, Trend Micro said it found several attack cases from the Netherlands, Singapore, and Germany, and that it found cases where remote code execution exploits for the flaw are being actively traded.
In recent weeks, CloudSEK and Juniper Networks discovered a series of cyberattacks using CVE-2024-23897 in the wild to infiltrate BORN Group and Brontoo Technology Solutions.
The attacks were attributed to a threat known as IntelBroker and RansomExx gang of extortionists, respectively.
“CVE-2024-23897 is an unauthenticated LFI vulnerability that allows attackers to read arbitrary files on a Jenkins server” – CloudSEK said. “This vulnerability occurs due to incorrect input validation, which allows an attacker to manipulate certain parameters and trick the server into accessing and displaying the contents of sensitive files.”
Due to the active exploitation of the vulnerability, Federal Civil Enforcement Agency (FCEB) agencies have until September 9, 2024 to apply fixes and protect their networks from active threats.
