<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1354242&amp;fmt=gif">

Jenkins Vulnerability Alert | January 2024

Jenkins Vulnerability Overview


Background Information

On January 24th, 2024 Jenkins released an advisory detailing a serious security flaw (CVE-2024-0204) in their open-source automation server. Jenkins is a tool often used by organizations for software development and collaboration. The vulnerability allows a remote attacker to read files or execute arbitrary code. Corvus has observed similar vulnerabilities lead to exploitation in the past. Security patches have been released and should be applied as soon as possible.

Impact of the Vulnerability

The vulnerability affects Jenkins instances running the following versions:

  • Jenkins 2.441 and earlier
  • Jenkins LTS 2.426.2 and earlier

Attackers can read files and execute arbitrary code or commands against unpatched devices, gaining a foothold into the network. From there the attacker would be able to conduct further exploitation and potentially move around the network. Impacted organizations should apply a security patch immediately.

Next Steps for Jenkins Customers:

  1. Download and install the latest version of the affected products:
    1. Jenkins should be updated to Jenkins 2.442
    2. Jenkins LTS should be updated to version 2.426.3
  2. If you aren’t able to patch, the Jenkins team has provided the following mitigation option:
    1. Disable access to the CLI (see here for documentation on this workaround).

Recent Articles

Handling Cyber Objections: 'Cyber Insurance Is Too Expensive'

Clients may be quick to object to the cost of cyber insurance, but we'll unpack the real 'bang for your buck' argument to cyber coverage.

CDK Global Incident | June 2024

A popular auto dealer software is experiencing a cyber incident. Here's what you need to know.

Cyber and Construction: Laying Groundwork to Combat Digital Threats

The construction sector is facing urgent cybersecurity challenges. Learn more about unique risks and how creative underwriting solutions can help.