
WARNING: HIGH SEVERITY VULNERABILITY IN JENKINS SOFTWARE CAN LEAD TO SENSITIVE FILE EXPOSURE, PRIVILEGE ESCALATION AND REMOTE CODE EXECUTION (RCE), PATCH IMMEDIATELY!

Reference: Advisory #2024-213
Version: 1.0
Affected software: Jenkins 2.470 and earlier, LTS 2.452.3 and earlier
Type: Improper check for unusual or exceptional conditions
CVE/CVSS: CVE-2024-43044 : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Sources

https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430

Risks

Jenkins is an open-source automation server. Versions 2.470 and earlier, and LTS versions 2.452.3 and earlier, do not perform permission checks in HTTP endpoints. When exploited, this can have a high impact on confidentiality, integrity and availability.
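The affected ranges above mix two Jenkins release lines (weekly releases such as 2.470 and LTS releases such as 2.452.3), and a fleet-wide inventory is the first thing a defender needs before patching. The following script is an added example, not CCB or Jenkins project code: it compares a reported version string against the two ceilings stated in this advisory, tells the lines apart by the number of version components, and reads the version from the X-Jenkins response header that Jenkins sends. The host names and header sets in the sample inventory are constructed for illustration.

```python
"""Version triage helper for the Jenkins advisory above (CVE-2024-43044).

Added example, not CCB or Jenkins project code. It assumes only the affected
ranges the advisory states: weekly releases 2.470 and earlier and LTS
releases 2.452.3 and earlier. Weekly releases carry two numeric components
(2.470); LTS releases carry three (2.452.3), which is how the two lines are
told apart here.
"""
from typing import Dict, Optional, Tuple

AFFECTED_WEEKLY_MAX: Tuple[int, ...] = (2, 470)   # ceiling stated in the advisory
AFFECTED_LTS_MAX: Tuple[int, ...] = (2, 452, 3)   # ceiling stated in the advisory


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse '2.470' or '2.452.3' into an integer tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) not in (2, 3) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Jenkins version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(text: str) -> bool:
    """True when the version lies inside an affected range stated above."""
    version = parse_version(text)
    ceiling = AFFECTED_LTS_MAX if len(version) == 3 else AFFECTED_WEEKLY_MAX
    return version <= ceiling  # tuple comparison is component-wise, left to right


def classify(text: Optional[str]) -> str:
    """Return 'affected', 'not affected' or 'unknown' (missing or unparseable)."""
    if text is None:
        return "unknown"
    try:
        return "affected" if is_affected(text) else "not affected"
    except ValueError:
        return "unknown"


def version_from_headers(headers: Dict[str, str]) -> Optional[str]:
    """Jenkins reports its version in the X-Jenkins response header.
    Look it up case-insensitively and return None when it is absent."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value
    return None


def triage(inventory: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Map each host to a verdict, given the response headers captured for it."""
    return {host: classify(version_from_headers(h)) for host, h in inventory.items()}


# Constructed sample inventory: host names and header sets are made up.
SAMPLE_INVENTORY: Dict[str, Dict[str, str]] = {
    "ci-weekly.example.internal": {"X-Jenkins": "2.470", "Server": "Jetty"},
    "ci-lts.example.internal": {"x-jenkins": "2.452.3"},
    "ci-patched.example.internal": {"X-Jenkins": "2.452.4"},
    "build-proxy.example.internal": {"Server": "nginx"},  # header stripped upstream
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:32} {verdict}")
```

A verdict of "unknown" is not a clean result: a reverse proxy in front of the controller may strip the X-Jenkins header, so those hosts should be confirmed from the controller itself (the version is also shown in the Jenkins UI footer) rather than assumed safe.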
 
In early August, Jenkins published an update on its website, together with a workaround description for users who are unable to update immediately.
 
There are no indications that CVE-2024-43044 is being actively exploited at the time of writing. However, a technical analysis has recently been published that increases the risk of exploitation (source: Cyber Security News). It is also important to note that another vulnerability in Jenkins software was recently exploited in the wild, notably by ransomware actors (see: CCB Advisory #2024-206).
 

Description

Exploitation of CVE-2024-43044 can let an attacker read sensitive files stored on the Jenkins controller. This, in turn, can allow the attacker to perform privilege escalation and remote code execution (RCE) on the controller.

Recommended actions

Patch
 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
 
Monitor/Detect
 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a compromise that has already occurred.

References