Recherche : [CVE-2024-23897]

CVE-2024-23897 Enabled Ransomware Attack on Indian Banks https://blogs.juniper.net/en-us/threat-research/cve-2024-23897-enabled-ransomware-attack-on-indian-banks

13/08/2024 20:41:37

CVE-2024-23897 is an unauthenticated arbitary file read vulnerability in Jenkins CLI used by RansomEXX to target small Indian banks.

From Limited file read to full access on Jenkins (CVE-2024-23897) https://xphantom.nl/posts/crypto-attack-jenkins/

09/08/2024 14:30:26

As a red teamer, you encountered a Jenkins instance that is vulnerable to CVE-2024-23897, which allowed for limited arbitrary file read. Without credentials and with the /script endpoint inaccessible, you sought to leverage this vulnerability by revealing Hudson to decypt the credentials.

Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure https://www.cloudsek.com/blog/major-payment-disruption-ransomware-strikes-indian-banking-infrastructure

07/08/2024 10:56:43

CloudSEK's threat research team has uncovered a ransomware attack disrupting India's banking system, targeting banks and payment providers. Initiated through a misconfigured Jenkins server at Brontoo Technology Solutions, the attack is linked to the RansomEXX group.

45,000 Jenkins servers remain vulnerable to RCE attacks https://www.theregister.com/2024/01/30/jenkins_rce_flaw_patch/?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118

05/02/2024 13:26:45

Multiple publicly available exploits have since been published for the critical flaw

Jenkins Security Advisory 2024-01-24 https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314

29/01/2024 15:10:01

Arbitrary file read vulnerability through the CLI can lead to RCE

Liens par page

Filtres