45k Jenkins servers exposed globally due to CVE-2024-23897 (CVSS 9.8) vulnerability
The security vulnerability has affected around 45000 Jenkins servers across the globe. By exploiting it, an attacker can gain access to sensitive data such as source code, SSH keys, credentials, build artifacts, and binary secrets. Learn more about how SharkStriker helps its clients and partners stay protected from the impact of the CVE-2024-23897 vulnerability.
Overview
More than 45000 Jenkins servers are exposed due to the security vulnerability CVE-2024-23897, which has been assigned a critical CVSS score of 9.8.
The impact is global: exposed Jenkins instances include 15806 in the US, 11955 in China, 3572 in India, 2204 in the Republic of Korea, 1482 in France, and 1179 in the UK.
Exploits were first made public on 26 January; fixes for the file read problem shipped in versions 2.442 and LTS 2.426.3. Security experts are currently working on effective patches for this vulnerability.
Jenkins is a well-known open-source automation server for Continuous Integration and Continuous Delivery (CI/CD).
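As an added example (not SharkStriker's tooling or code from the page), the Python check below classifies a Jenkins instance's advertised version against the fixed releases named above, 2.442 for the weekly line and 2.426.3 for the LTS line. The X-Jenkins header is the standard one Jenkins sends; the sample headers and host names are constructed.

```python
import re
from typing import Optional, Tuple

# Fixed releases named in the advisory above.
FIXED_WEEKLY = (2, 442)      # weekly line: two version components
FIXED_LTS = (2, 426, 3)      # LTS line: three version components

def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Parse a Jenkins version such as '2.441' or '2.426.2' into an int tuple.
    Returns None if the string is not a dotted numeric version."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)

def is_patched(version: str) -> Optional[bool]:
    """True if the version already contains the CVE-2024-23897 fix, False if it
    predates it, None if the version cannot be interpreted. Weekly and LTS
    releases are compared against their own fixed baseline."""
    v = parse_version(version)
    if v is None:
        return None
    if len(v) == 3:
        return v >= FIXED_LTS
    return v >= FIXED_WEEKLY

def assess_headers(headers: dict) -> str:
    """Classify an instance from its HTTP response headers. Jenkins advertises
    its version in the 'X-Jenkins' header; only that header is consulted."""
    version = headers.get("X-Jenkins")
    if version is None:
        return "not-jenkins-or-header-hidden"
    patched = is_patched(version)
    if patched is None:
        return f"unknown-version:{version}"
    return "patched" if patched else "vulnerable-version"

# Constructed sample headers (not real scan data) covering each branch.
SAMPLES = {
    "host-a": {"X-Jenkins": "2.441", "Server": "Jetty"},   # weekly, pre-fix
    "host-b": {"X-Jenkins": "2.426.2"},                     # LTS, pre-fix
    "host-c": {"X-Jenkins": "2.426.3"},                     # LTS, fixed
    "host-d": {"X-Jenkins": "2.442"},                       # weekly, fixed
    "host-e": {"Server": "nginx"},                          # no Jenkins header
}

if __name__ == "__main__":
    for host, hdrs in SAMPLES.items():
        print(f"{host}: {assess_headers(hdrs)}")
```

A version at or above the fixed baseline only shows the fix is present in the core; a reverse proxy that strips X-Jenkins yields the "header hidden" result and must be checked by other means.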