❌

Normal view

There are new articles available, click to refresh the page.
Before yesterdayHorizon3.ai

CVE-2024-23897: Check Critical Jenkins Arbitrary File Leak Vulnerability Now!

βœ‡Horizon3.ai
By: Corey Sinclair
30 January 2024 at 15:01

On 24 January 2024, the Jenkins team issued a security advisory disclosing a critical vulnerability that affects the Jenkins CI/CD tool. Jenkins is a Java-based open-source automation server run by over 1 million users that helps developers build, test and deploy applications, enabling continuous integration and continuous delivery.

The critical vulnerability is tracked as CVE-2024-23897 and affects Jenkins 2.441 and earlier. LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces the β€˜@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system that can lead to RCE.

According to security researchers from ShadowServer, there are approximately 45,000 unpatched Jenkins instances, most of which are in China (12,000) and the United States (11,830).

Two Proof of Concepts (PoCs) exploits have been released to the public and could be leveraged by attackers to compromise unpatched Jenkins servers. According to the Cyber Security Agency (CSA) of Singapore, as of 30 January 2024, the vulnerability is reportedly being actively exploited.

Who Is Affected?

Anyone who is running Jenkins 2.441 and earlier is affected by this vulnerability.

How Can I Fix It?

Jenkins users are urged to upgrade to Jenkins 2.442 and LTS 2.426.3.Β Β 

How Can NodeZero Help?Β 

All NodeZeroℒ️ users can run an autonomous pentest to determine if their systems are vulnerable to the Jenkins vulnerability. We also recommend running a follow-on pentest to verify that any remediation steps taken, such as patching, are effective.Β 

Example Top Weaknesses and Impacts:

Example Attack Path:

If you want to read more, please read Horizon3.ai’s Attack Team’s blog titled, β€œCVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability.”

The post CVE-2024-23897: Check Critical Jenkins Arbitrary File Leak Vulnerability Now! appeared first on Horizon3.ai.

CVE-2024-0204: Check Critical Fortra GoAnywhere MFT Authentication Bypass with NodeZeroℒ️ Now!

βœ‡Horizon3.ai
By: Corey Sinclair
24 January 2024 at 20:12

On 22 January, Fortra issued an advisory stating that versions of its GoAnywhere Managed File Transfer (MFT) product suffer from an authentication bypass vulnerability. GoAnywhere MFT is, as the name suggests, an enterprise solution for encrypting and transferring data within an organization and to external customers.

This critical vulnerability (CVSS 9.8) is tracked as CVE-2024-0204 and only affects versions of GoAnywhere MFT prior to 7.4.1. Unauthorized individuals can exploit this vulnerability to create an admin user via the administration portal.

Fortra patched the GoAnywhere vulnerability on 7 December 2023 with the release of GoAnywhere MFT 7.4.1. Fortra then publicly disclosed the vulnerability on 22 January after giving customers several weeks to patch.

While Fortra is not aware of any attacks in the wild exploiting this vulnerability, we anticipate that cyber threat actors will likely attempt to take advantage of any unpatched instances of GoAnywhere MFT now that it has been publicly acknowledged.

Who Is Affected?

Anyone who runs a version of Fortra’s GoAnywhere MFT prior to 7.4.1 may be impacted by this vulnerability. According to Fortra, GoAnywhere is the #1 secure file transfer solution and serves 4,000+ customers in 100+ countries. Organizations in healthcare, finance, insurance, transportation, government, real estate, and other industries use the solution and could be at risk of exploitation if they are not running the patched version.

How Do I Fix It?

Fortra recommends upgrading to version 7.4.1 or higher. According to Fortra, this vulnerability may also be eliminated in non-container deployments by deleting the InitialAccountSetup.xhtml file in the install directory and restarting the services. For container-deployed instances, replace the file with an empty file and restart.

How Can NodeZeroℒ️ Help?

As of today, all users running NodeZeroℒ️ can run an autonomous pentest to determine if their systems are vulnerable, reachable, and exploitable due to this vulnerability. We also recommend running a follow-on pentest to determine that any remediation steps taken are effective.

Example Attack Path:

Example Proof:

To read more about this vulnerability and how it works, please see the Horizon3.ai Attack Team blog titled, β€œCVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive.”

The post CVE-2024-0204: Check Critical Fortra GoAnywhere MFT Authentication Bypass with NodeZeroℒ️ Now! appeared first on Horizon3.ai.

❌
❌