CVE-2024-23897 is actively being exploited by malicious threat actors and was recently added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerability list. CVE-2024-23897 could allow an unauthenticated attacker to gain limited read access to certain files, which can lead to code execution. This could lead to serious incidents such as data theft or ransomware. If your organization has not already, we recommend taking mitigating action immediately.
On January 24th, 2024 Jenkins released an advisory detailing a serious security flaw (CVE-2024-0204) in their open-source automation server. Jenkins is a tool often used by organizations for software development and collaboration. The vulnerability allows a remote attacker to read files or execute arbitrary code. Corvus has observed similar vulnerabilities lead to exploitation in the past. Security patches have been released and should be applied as soon as possible.
Attackers can read files and execute arbitrary code or commands against unpatched devices, gaining a foothold into the network. From there the attacker would be able to conduct further exploitation and potentially move around the network. Impacted organizations should apply a security patch immediately.