CVE-2024-23897 Enabled Ransomware Attack on Indian Banks
CVE-2024-23897 is an unauthenticated arbitary file read vulnerability in Jenkins CLI used by RansomEXX to target small Indian banks.
From Limited file read to full access on Jenkins (CVE-2024-23897)
As a red teamer, you encountered a Jenkins instance that is vulnerable to CVE-2024-23897, which allowed for limited arbitrary file read. Without credentials and with the /script endpoint inaccessible, you sought to leverage this vulnerability by revealing Hudson to decypt the credentials.
Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure
CloudSEK's threat research team has uncovered a ransomware attack disrupting India's banking system, targeting banks and payment providers. Initiated through a misconfigured Jenkins server at Brontoo Technology Solutions, the attack is linked to the RansomEXX group.
45,000 Jenkins servers remain vulnerable to RCE attacks
Multiple publicly available exploits have since been published for the critical flaw
Jenkins Security Advisory 2024-01-24
Arbitrary file read vulnerability through the CLI can lead to RCE