The Jenkins project discovered last week that one of its deprecated Confluence servers had been compromised through a recently disclosed remote code execution (RCE) vulnerability.
Jenkins is a popular open source tool that helps automate parts of software development.
Recently, proof-of-concept exploit code for the Confluence vulnerability tracked as CVE-2021-26084 was released, and it didn’t take long for attackers to start scanning for and exploiting vulnerable instances of the popular collaboration platform for fraudulent purposes such as installing crypto miners.
“In the survey so far, Confluence CVE-2021-26084 exploits were used to install what appears to be a Monero miner in the container running the service. From there, attackers will not have access to much of the other infrastructure,” a member of the Jenkins project shared in a joint blog post.
Assuming the worst
For its part, Atlassian quickly issued a patch to plug the security hole, but that still did not deter the attackers.
In fact, scanning and exploitation reached such a level that various cybersecurity agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA) and US Cyber Command (USCYBERCOM), issued recommendations urging administrators to patch vulnerable servers without delay.
The compromised Jenkins Confluence server has been deprecated since 2019, and the project’s infrastructure team has migrated its content to GitHub.
Although the server has been completely disabled, the project shared that it was integrated with its identity management system, which also powers Jira, Artifactory, and several other services and is now under scrutiny.
At this point, it doesn’t look like developer credentials were stolen during the attack, but since Jenkins “can’t claim otherwise”, the project is assuming the worst and resetting the passwords for all accounts in the integrated identity system.
“We are currently taking steps to prevent the release until we reestablish the chain of trust with the developer community,” the project shares.