Recherche : [Jenkins]

CVE-2024-23897 Enabled Ransomware Attack on Indian Banks https://blogs.juniper.net/en-us/threat-research/cve-2024-23897-enabled-ransomware-attack-on-indian-banks

13/08/2024 20:41:37

CVE-2024-23897 is an unauthenticated arbitary file read vulnerability in Jenkins CLI used by RansomEXX to target small Indian banks.

From Limited file read to full access on Jenkins (CVE-2024-23897) https://xphantom.nl/posts/crypto-attack-jenkins/

09/08/2024 14:30:26

As a red teamer, you encountered a Jenkins instance that is vulnerable to CVE-2024-23897, which allowed for limited arbitrary file read. Without credentials and with the /script endpoint inaccessible, you sought to leverage this vulnerability by revealing Hudson to decypt the credentials.

Jenkins Security Advisory 2024-08-07 CVE-2024-43044 CVE-2024-43045 https://www.jenkins.io/security/advisory/2024-08-07/#jenkins-security-advisory-2024-08-07

08/08/2024 10:13:13

Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software

Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure https://www.cloudsek.com/blog/major-payment-disruption-ransomware-strikes-indian-banking-infrastructure

07/08/2024 10:56:43

CloudSEK's threat research team has uncovered a ransomware attack disrupting India's banking system, targeting banks and payment providers. Initiated through a misconfigured Jenkins server at Brontoo Technology Solutions, the attack is linked to the RansomEXX group.

45,000 Jenkins servers remain vulnerable to RCE attacks https://www.theregister.com/2024/01/30/jenkins_rce_flaw_patch/?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118

05/02/2024 13:26:45

Multiple publicly available exploits have since been published for the critical flaw

Jenkins Security Advisory 2024-01-24 https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314

29/01/2024 15:10:01

Arbitrary file read vulnerability through the CLI can lead to RCE

infosec company owned completely by 4chan user https://maia.crimew.gay/posts/optimeyes-leak/

12/05/2023 08:53:22

yesterday evening an anonymous 4chan user dumped a leak on the /g/ technology board, claiming to have completely owned risk visualization company optimeyes:

Jenkins discloses dozens of zero-day bugs in multiple plugins https://www.bleepingcomputer.com/news/security/jenkins-discloses-dozens-of-zero-day-bugs-in-multiple-plugins/

05/01/2023 08:28:08

On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched.

Liens par page

Filtres