What is the Vulnerability?
Cyber threat actors are actively targeting Jenkins which is a Java-based open-source automation server widely used by application developers. The critical vulnerability tracked as CVE-2024-23897 could enable remote code execution (RCE) potentially leading to unauthorized access and data compromise. Exploiting this vulnerability allows attackers to read any files on the Jenkins controller file system.FortiRecon ACI service has observed active and recent discussions in the Dark Web. Also, a Proof of Concept (PoC) exploit has been made publicly available which makes this vulnerability crucial for continuous monitoring and more exploitation activities.
What is the Vendor Solution?
Jenkins released a security advisory on January 24, 2024 about this vulnerability. [ Link ]
What FortiGuard Coverage is available?
FortiGuard Labs has provided protection via the IPS signature “Jenkins.LTS.Command.Line.Interface.Arbitrary.File.Read” which was released in early February to detect and block any attack attempts targeting the vulnerability (CVE-2024-23897).
FortiGuard Labs advises organizations to apply the latest Jenkins security updates and patches.
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Adobe Experience Manager is an all-in-one software suite used for content and asset management.
Adobe Premiere Pro is a timeline-based and non-linear video editing software application.
Adobe ColdFusion is a rapid development platform for building and deploying web and mobile applications.
Adobe Bridge is used to preview, organize, edit, and publish assets.
Adobe Lightroom is a photo editing and storage application available through the Adobe Creative Cloud.
Adobe Animate is used to create vector graphics and interactive content.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights
