Jenkins developers reported that they had been hacked: attackers gained access to one of the project's internal servers and deployed a cryptocurrency miner on it. They emphasized that Jenkins releases, plugins and source code were not affected by the incident.
According to the administrators, the compromised server hosted the now-defunct Jenkins wiki portal (wiki.jenkins.io). It had been deprecated back in October 2019, when the project moved its wiki and collaboration systems from a standalone Atlassian Confluence server to GitHub.
The Jenkins hack is part of a wave of attacks exploiting the recently discovered CVE-2021-26084 vulnerability in Confluence (also known as Confluenza), which allows an unauthenticated attacker to remotely execute commands on a vulnerable server. Such attacks, which are mostly used to install cryptocurrency miners, are expected to continue, according to Bad Packets and Rapid7.
The Jenkins developers say that after the attack they permanently shut down the compromised Confluence server, rotated the credentials of privileged accounts, and reset the passwords of developer accounts.
It is worth noting that, according to Censys, there are currently about 15,000 Atlassian Confluence servers reachable over the Internet. As of September 5, 2021, 8,597 of those servers were still vulnerable to CVE-2021-26084.