Jenkins RCE Attack

Released: Aug 20, 2024


High Severity

Vendor: Jenkins


Actively exploited in Ransomware campaigns

Cyber threat actors are targeting the Jenkins Arbitrary File Read vulnerability (CVE-2024-23897) in ransomware attacks. FortiGuard Labs continues to see active attack telemetry targeting the vulnerability.

Common Vulnerabilities and Exposures


Background

Jenkins is an open-source continuous integration (CI) server, and a popular DevOps tool used by thousands of development teams. It manages and controls several stages of the software delivery process, including building, automated testing, packaging, and more.

Jenkins has a built-in Command-Line Interface (CLI) that uses the args4j library to parse command arguments and options on the Jenkins controller during CLI command processing. The vulnerability (CVE-2024-23897) in this library allows unauthenticated users to read the initial lines of any file on the file system, which further leads to RCE.

Additionally, the FortiRecon ACI service has observed recent discussions related to CVE-2024-23897 on the Dark Web. A Proof of Concept (PoC) exploit has also been made publicly available, which makes it crucial to patch this vulnerability and to detect any exploitation activity.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


Fortinet customers remain protected through the IPS service, and all the known hashes and Indicators of Compromise (IoCs) in the related campaigns have been blocked. FortiGuard Labs advises organizations to apply the latest Jenkins security updates and patches to fully mitigate any risks.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • AV

  • Vulnerability

  • IPS

  • Web App Security

DETECT
  • IOC

  • Outbreak Detection

  • Threat Hunting

  • Playbook

RESPOND
  • Automated Response

  • Assisted Response Services

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Vulnerability Management

  • Attack Surface Monitoring (Inside & Outside)

  • Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.