{"id":7279,"date":"2020-02-12T15:42:00","date_gmt":"2020-02-12T15:42:00","guid":{"rendered":"https:\/\/gtechbooster.com\/?p=7279"},"modified":"2023-06-21T11:42:50","modified_gmt":"2023-06-21T11:42:50","slug":"jenkins-server-exposed-to-dos-attacks","status":"publish","type":"post","link":"https:\/\/gtechbooster.com\/jenkins-server-exposed-to-dos-attacks\/","title":{"rendered":"Jenkins server exposed to DoS Attacks"},"content":{"rendered":"\n<p>There has been an alert to DevOps to take precaution against an imminent Jenkins server exposure. Security researchers are warning that 12,000 cloud automation servers  around the world could be hijacked to launch denial of service (DoS)  attacks.<\/p>\n\n\n\n<p>Radware issued an emergency response team threat alert yesterday after discovering 12,802 Jenkins servers that are still vulnerable to a flaw patched at the end of January.<\/p>\n\n\n\n<p>Discovered by Adam Thorn of the University of Cambridge, \nCVE-2020-2100 affects Jenkins 2.218 and earlier as well as LTS 2.204.1 \nand earlier.<\/p>\n\n\n\n<p>\u201cJenkins\u2019 vulnerability is caused by an auto-discovery protocol that \nis enabled by default and exposed in publicly facing servers,\u201d explained\n Radware security evangelist, Pascal Geenens. \u201cDisabling the discovery \nprotocol is only a single edit in the configuration file of Jenkins and \nit got fixed in last week\u2019s patch from a default enabled to disabled.\u201d<\/p>\n\n\n\n<p>The bug could enable attackers to compromise exposed servers to \nlaunch two different types of DoS: an amplification attack and an \ninfinite loop attack.<\/p>\n\n\n\n<p>The latter was described by Geenens as \u201cparticularly nasty,\u201d because \n\u201cwith a single spoofed packet, a threat actor can make two servers go \ninto an infinite loop of replies, and they cannot be stopped unless one \nof the servers is rebooted or has its Jenkins service restarted.<\/p>\n\n\n\n<p>\u201cThe same exposed service can also be abused by malicious actors to \nperform DDoS amplification attacks against random victims on the \ninternet \u2013 victims do not have to run or expose Jenkins for the \namplification attack to impact them,\u201d he continued.<\/p>\n\n\n\n<p>\u201cIf your DevOps teams are using Jenkins servers in their cloud or \non-prem environments, there is a simple solution: either disable \nauto-discovery protocol if you do not use it or add a firewall policy to\n block access to port udp\/33848.\u201d<\/p>\n\n\n\n<p>Open source Jenkins servers are popular among DevOps teams, which use  them to build, test and deploy apps running in the cloud in  environments such as Amazon Web Services, OVH, Hetzner, Host Europe,  DigitalOcean\u00a0and Linode.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">More Information<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/mediaserver.responsesource.com\/mediabank\/18328\/RadwareERTAlert2020\/ERTAlertJenkinsFINALV3.pdf\">Radware emergency response team threat alert<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>There has been an alert to DevOps to take precaution against an imminent Jenkins server exposure. Security researchers are warning that 12,000 cloud automation servers around the world could be hijacked to launch denial of service (DoS) attacks. Radware issued an emergency response team threat alert yesterday after discovering 12,802 Jenkins servers that are still [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":7280,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1915],"tags":[181,1161,1162],"class_list":["post-7279","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ndocs","tag-cloud-computing","tag-computer-hacking","tag-jenkins"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"_links":{"self":[{"href":"https:\/\/gtechbooster.com\/api-json\/wp\/v2\/posts\/7279","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gtechbooster.com\/api-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gtechbooster.com\/api-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gtechbooster.com\/api-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/gtechbooster.com\/api-json\/wp\/v2\/comments?post=7279"}],"version-history":[{"count":0,"href":"https:\/\/gtechbooster.com\/api-json\/wp\/v
2\/posts\/7279\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gtechbooster.com\/api-json\/wp\/v2\/media\/7280"}],"wp:attachment":[{"href":"https:\/\/gtechbooster.com\/api-json\/wp\/v2\/media?parent=7279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gtechbooster.com\/api-json\/wp\/v2\/categories?post=7279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gtechbooster.com\/api-json\/wp\/v2\/tags?post=7279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}