
Exploit Released for Critical Jenkins Remote Code Execution Flaw


A critical vulnerability has been discovered in Jenkins that could be exploited by threat actors for malicious purposes. Tracked as CVE-2024-23898, it has not yet been assigned a severity rating. The good news is that Jenkins has already fixed it in its latest releases, 2.442 and LTS 2.426.3. With Jenkins holding a 44% market share as of 2023, the impact of this vulnerability being exploited at scale could be catastrophic.

The vulnerability, CVE-2024-23898, is a cross-site WebSocket hijacking issue caused by missing origin validation on requests made through the CLI WebSocket endpoint. This flaw could allow threat actors to execute CLI commands on the Jenkins controller under specific conditions. It is worth noting that most web browsers do not implement a “lax by default” policy, which would otherwise serve as a safeguard against this vulnerability. However, exploiting the vulnerability requires a malicious link to be sent to the victim, and user interaction is mandatory.
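The missing check described above is origin validation on the WebSocket handshake. The following is an added illustration, not Jenkins code, of the check a server should apply before upgrading a request to a WebSocket: browsers always attach an `Origin` header to WebSocket handshakes and a cross-site page cannot forge it, so comparing it against an explicit allowlist defeats cross-site WebSocket hijacking. The handshake headers, host names and the `allow_missing` policy switch (for non-browser clients that send no `Origin`) are constructed for the example.

```python
"""Origin validation for a WebSocket handshake (added illustration, not Jenkins code)."""
from typing import Dict, Optional, Set
from urllib.parse import urlsplit

# Constructed sample handshakes, not captured traffic.
LEGIT_HANDSHAKE = {
    "Host": "jenkins.example.internal",
    "Upgrade": "websocket",
    "Connection": "Upgrade",
    "Origin": "https://jenkins.example.internal",
    "Cookie": "JSESSIONID=placeholder",
}
# Same session cookie, but the page driving the socket lives on another site.
CROSS_SITE_HANDSHAKE = dict(LEGIT_HANDSHAKE, Origin="https://attacker.example")
# A non-browser client (e.g. a CLI tool) typically sends no Origin at all.
NO_ORIGIN_HANDSHAKE = {k: v for k, v in LEGIT_HANDSHAKE.items() if k != "Origin"}


def _normalize_origin(origin: str) -> Optional[str]:
    """Canonicalise scheme://host[:port]; reject 'null' and malformed values."""
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc.lower()}"


def origin_is_allowed(headers: Dict[str, str], allowed_origins: Set[str],
                      allow_missing: bool = False) -> bool:
    """Return True if the Upgrade request may proceed to a WebSocket.

    - An Origin that is present must match the allowlist exactly after
      normalisation; anything else (foreign site, 'null', garbage) is refused.
    - A missing Origin is accepted only if the caller opts in, which is the
      policy decision for non-browser clients.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    if lower.get("upgrade", "").lower() != "websocket":
        return False  # not a WebSocket handshake at all
    origin = lower.get("origin")
    if origin is None:
        return allow_missing
    norm = _normalize_origin(origin)
    allowed = {_normalize_origin(o) for o in allowed_origins}
    return norm is not None and norm in allowed


if __name__ == "__main__":
    allow = {"https://jenkins.example.internal"}
    print("legit      :", origin_is_allowed(LEGIT_HANDSHAKE, allow))
    print("cross-site :", origin_is_allowed(CROSS_SITE_HANDSHAKE, allow))
    print("no origin  :", origin_is_allowed(NO_ORIGIN_HANDSHAKE, allow))
```

The check belongs in the handshake handler before any authenticated state is attached to the connection; the session cookie in the cross-site sample is exactly what an attacker's page would ride on, and the `Origin` comparison is the only thing that tells the two handshakes apart.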

Reports from SonarSource have detailed that one of the ways to invoke a Jenkins CLI command is through WebSockets. The Jenkins CLI allows users to execute commands implemented in the hudson/cli directory of the Jenkins Git repository. The most common ways of invoking a command are jenkins-cli.jar or SSH. However, another method was discovered that invokes commands by sending two POST requests to http://jenkins/cli?remoting=false.

When a CLI command is invoked, Jenkins uses args4j’s parseArgument, which calls expandAtFiles. If an attacker controls the arguments, a single argument can be expanded into an arbitrary number of arguments read from an arbitrary file on the Jenkins instance. This arbitrary command execution is combined with a data-leak vulnerability (CVE-2024-23897) that shares the same root cause: CVE-2024-23897 arises from the same behaviour but concerns leaking the contents of an arbitrary file on the Jenkins instance.
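To make the expansion step concrete, here is an added illustration (not args4j or Jenkins code) of what expandAtFiles does: an argument of the form `@<path>` is replaced by the lines of that file, each line becoming one argument. When the argument list comes from an untrusted caller, that turns a command invocation into a server-side file read, which is why the Jenkins fix disables this parser feature for CLI commands. The `allow_at_syntax` switch, the `AtSyntaxRejected` error and the sample response file are assumptions constructed for this example.

```python
"""args4j-style "@file" argument expansion, with the feature off by default
(added illustration, not args4j or Jenkins code)."""
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple


class AtSyntaxRejected(ValueError):
    """Raised when an @<path> argument arrives while expansion is disabled."""


def expand_at_files(args: List[str], allow_at_syntax: bool = False) -> List[str]:
    """Return args with every @<path> entry replaced by that file's lines.

    Mirrors the parser behaviour the article describes: each non-empty line
    of the referenced file becomes one argument. With allow_at_syntax=False,
    the safe default for any endpoint reachable by untrusted callers, an
    @ entry is refused instead of being read from disk.
    """
    expanded: List[str] = []
    for arg in args:
        if arg.startswith("@") and len(arg) > 1:
            if not allow_at_syntax:
                raise AtSyntaxRejected("@-file expansion is disabled for this caller")
            path = Path(arg[1:])
            if not path.is_file():
                raise FileNotFoundError(f"no such response file: {path}")
            expanded.extend(line for line in path.read_text().splitlines() if line)
        else:
            expanded.append(arg)
    return expanded


def demo() -> Tuple[List[str], Optional[str]]:
    """Expand a constructed response file once with the feature on, once off."""
    with tempfile.TemporaryDirectory() as d:
        rsp = Path(d) / "args.txt"
        # Constructed, harmless content standing in for whatever file a
        # caller might point the parser at.
        rsp.write_text("--name\ndemo-job\n\n--verbose\n")
        opened = expand_at_files(["build", f"@{rsp}"], allow_at_syntax=True)
        try:
            expand_at_files(["build", f"@{rsp}"])
            guarded = None
        except AtSyntaxRejected:
            guarded = "rejected"
    return opened, guarded


if __name__ == "__main__":
    print(demo())
```

The important observation is that the server, not the caller, opens the file: the path is supplied by whoever can reach the command endpoint, while the read happens with the Jenkins process's privileges. Disabling the syntax for remote callers removes that read entirely; an allowlist of permitted directories would be a weaker alternative because the parser itself has no notion of which files a caller should be able to name.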

Researchers have replicated several attack scenarios and have produced functional proof-of-concept (PoC) exploits that have been made available to the public on GitHub. The data-leak vulnerability is used to read file contents, and what is recovered from them is then used in the remote code execution stage.

Whether arbitrary code execution on a Jenkins instance succeeds depends on its configuration; files of particular interest to an attacker include SSH keys, /etc/passwd, /etc/shadow, project secrets and credentials, source code, build artifacts, and more.

In conclusion, the discovery of a critical vulnerability in Jenkins is a cause for concern, especially given its widespread usage. Jenkins has already shipped a fix, and organizations using the software are advised to update to the latest versions to protect themselves from exploitation by threat actors. Vigilance and adherence to security best practices remain crucial in safeguarding against cyber threats.
