Jenkins vulnerability fixed in 2.57 / 2.46.2 is being exploited


Daniel Beck

May 15, 2017, 1:49:41 PM5/15/17
to Jenkins Advisories
The Jenkins project has received a credible report that the remote code execution vulnerability fixed on April 26[1] is being actively exploited to install and run cryptocurrency mining tools on machines running Jenkins.

According to the report, an executable called `conns` is downloaded and run, which mines the Monero[2] cryptocurrency. There appear to be no other changes.

If your Jenkins is running on a public network, we strongly urge you to upgrade to Jenkins 2.57 or LTS 2.46.2 or newer and disable the deprecated "remoting mode" of the CLI, or, on older releases of Jenkins, disable the CLI as described on GitHub[3].

If you discover the `conns` process on your machine, we recommend wiping the system clean and changing keys and passwords.


1: https://jenkins.io/security/advisory/2017-04-26/
2: https://en.wikipedia.org/wiki/Monero_(cryptocurrency)
3: https://github.com/jenkinsci-cert/SECURITY-218
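A small triage helper for the two checks the post asks for (are you below the fixed releases, and is a `conns` process running). This is an added example, not code from the Jenkins project or the advisory author; it assumes that three-component versions such as 2.46.1 are LTS and two-component ones such as 2.56 are weekly, and that the process listing is in `ps -eo pid,comm` layout.

```python
"""Triage helper for the May 2017 Jenkins advisory (added example, not the
Jenkins project's own code): flags Jenkins versions below the fixed releases
named in the post and spots a process named `conns` in a process listing."""
import re

FIXED_WEEKLY = (2, 57)      # weekly line fixed in 2.57
FIXED_LTS = (2, 46, 2)      # LTS line fixed in 2.46.2


def parse_version(version):
    """Turn '2.46.1' into (2, 46, 1); raise ValueError on junk input."""
    parts = version.strip().split(".")
    if not parts or not all(re.fullmatch(r"\d+", p) for p in parts):
        raise ValueError(f"unrecognised Jenkins version: {version!r}")
    return tuple(int(p) for p in parts)


def needs_upgrade(version):
    """True if the version predates the fix for its release line.
    Assumption: three components (2.46.1) = LTS, two components (2.56) = weekly."""
    v = parse_version(version)
    if len(v) == 3:
        return v < FIXED_LTS
    if len(v) == 2:
        return v < FIXED_WEEKLY
    raise ValueError(f"unexpected version layout: {version!r}")


def find_conns_processes(ps_output):
    """Return (pid, command) pairs whose command name is exactly `conns`.
    Expects `ps -eo pid,comm` output: a header line, then 'PID COMMAND' rows."""
    hits = []
    for line in ps_output.splitlines()[1:]:
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0].isdigit() and fields[1].strip() == "conns":
            hits.append((int(fields[0]), fields[1].strip()))
    return hits


# Constructed sample `ps -eo pid,comm` listing, not captured from a real host.
SAMPLE_PS = """  PID COMMAND
    1 systemd
  812 java
 4471 conns
 4480 bash
"""

if __name__ == "__main__":
    for ver in ("2.46.1", "2.46.2", "2.56", "2.57"):
        print(ver, "upgrade needed" if needs_upgrade(ver) else "fixed release")
    print("conns processes:", find_conns_processes(SAMPLE_PS))
```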
