Network Security, Vulnerability Management

Critical RCE attacks threaten almost 45K Jenkins servers

BleepingComputer reports that nearly 45,000 internet-exposed Jenkins open-source automation servers worldwide could be compromised in attacks exploiting the critical remote code execution vulnerability tracked as CVE-2024-23897, which was addressed in updates issued last week. According to a Shadowserver report, China accounts for the largest share of vulnerable Jenkins instances, followed by the U.S., Germany, India, France, and the UK. The findings come days after several working exploits and attempted attacks against the RCE flaw were reported. The flaw can be leveraged for arbitrary command-line interface command execution and arbitrary file reading, which in turn could allow access to sensitive data, decryption of stored secrets, deletion of files, and downloading of Java heap dumps. With threat actors actively scanning for vulnerable servers, organizations running Jenkins have been urged to apply the security updates immediately and to review the recommended mitigations and workarounds to avert potentially significant consequences.