
Thousands of Jenkins servers vulnerable to takeovers and data theft


Thousands of Jenkins servers, and possibly many more, are vulnerable to data theft, takeovers or attacks that install cryptocurrency miners. Attackers can exploit two separate vulnerabilities that allow them to grant themselves admin rights or to log in with forged credentials.

Both vulnerabilities were discovered by CyberArk researchers and reported to the development team behind Jenkins, which released fixes during the summer. Despite those fixes being available, many thousands of Jenkins servers remain vulnerable and reachable online.

Jenkins servers

Jenkins is a continuous integration web application written in Java that lets development teams run automated tests against code repositories and execute commands based on the test results. Rolling out new code to production servers can also be automated.

The app is widely used in the IT infrastructure of many companies and is also popular with freelance developers. Because not everyone has updated their server in time, many servers remain vulnerable, and thousands, if not many more, of them are not properly secured.

The vulnerabilities

Last summer, CyberArk researchers discovered a vulnerability (CVE-2018-1999001) that lets an attacker send a forged login request. The Jenkins server then moves the config.xml file out of its home directory to another location. If the attacker then manages to crash and restart the server (or simply waits for a reboot to happen on its own), Jenkins comes back up in unsecured mode. In that state an attacker can easily register himself as admin.

This problem is serious enough on its own, but researchers at CyberArk also found CVE-2018-1999043. That bug lets attackers forge credentials and log in with bogus usernames and passwords. Both vulnerabilities were resolved, the first in July and the second in August. But roughly 78,000 servers probably still remain vulnerable to these problems.
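As an added example, not from the article or from Jenkins or CyberArk, the following audit checks a JENKINS_HOME for the state the first bug leaves behind (config.xml gone, so the next restart is unsecured) and for security that is switched off in the file itself. The config.xml contents are constructed samples; the element names and class names are the ones Jenkins writes.

```python
from pathlib import Path
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample config.xml files (illustrative, not taken from a real host).
SECURED_CONFIG = """<?xml version='1.0' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>true</disableSignup>
  </securityRealm>
</hudson>
"""
UNSECURED_CONFIG = """<?xml version='1.0' encoding='UTF-8'?>
<hudson>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
</hudson>
"""

def audit_jenkins_home(home):
    """Return a list of findings for a JENKINS_HOME; an empty list means the checks passed."""
    config = Path(home) / "config.xml"
    if not config.is_file():
        # A missing config.xml is the symptom described above: on the next
        # restart Jenkins falls back to its legacy, unsecured setup.
        return ["config.xml missing: Jenkins will restart without security"]
    root = ET.parse(config).getroot()
    findings = []
    if root.findtext("useSecurity", "false").strip().lower() != "true":
        findings.append("useSecurity is not true: anonymous users get full control")
    strategy = root.find("authorizationStrategy")
    if strategy is None or strategy.get("class") == "hudson.security.AuthorizationStrategy$Unsecured":
        findings.append("authorizationStrategy is unsecured or absent")
    realm = root.find("securityRealm")
    if realm is not None and realm.findtext("disableSignup", "false").strip().lower() != "true":
        findings.append("self-signup enabled: anyone can register an account")
    return findings

def demo():
    """Run the audit against an empty, a secured and an unsecured constructed home."""
    with tempfile.TemporaryDirectory() as home:
        missing = audit_jenkins_home(home)
        (Path(home) / "config.xml").write_text(SECURED_CONFIG)
        secured = audit_jenkins_home(home)
        (Path(home) / "config.xml").write_text(UNSECURED_CONFIG)
        unsecured = audit_jenkins_home(home)
    return missing, secured, unsecured
```

Run `audit_jenkins_home` against the real JENKINS_HOME from a cron job or a monitoring agent; a non-empty result should page someone, since the unsecured state is what lets anyone become admin.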

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.