CVE-2024-23897 Enabled Ransomware Attack on Indian Banks
CVE-2024-23897 is an unauthenticated arbitary file read vulnerability in Jenkins CLI used by RansomEXX to target small Indian banks.
From Limited file read to full access on Jenkins (CVE-2024-23897)
As a red teamer, you encountered a Jenkins instance that is vulnerable to CVE-2024-23897, which allowed for limited arbitrary file read. Without credentials and with the /script endpoint inaccessible, you sought to leverage this vulnerability by revealing Hudson to decypt the credentials.
Jenkins Security Advisory 2024-08-07 CVE-2024-43044 CVE-2024-43045
Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software
Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure
CloudSEK's threat research team has uncovered a ransomware attack disrupting India's banking system, targeting banks and payment providers. Initiated through a misconfigured Jenkins server at Brontoo Technology Solutions, the attack is linked to the RansomEXX group.
45,000 Jenkins servers remain vulnerable to RCE attacks
Multiple publicly available exploits have since been published for the critical flaw
Jenkins Security Advisory 2024-01-24
Arbitrary file read vulnerability through the CLI can lead to RCE
infosec company owned completely by 4chan user
yesterday evening an anonymous 4chan user dumped a leak on the /g/ technology board, claiming to have completely owned risk visualization company optimeyes:
Jenkins discloses dozens of zero-day bugs in multiple plugins
On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched.
Jenkins discloses dozens of zero-day bugs in multiple plugins
On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched.