The makers of Jenkins, the popular open-source automation server software, have disclosed a security breach. The breach began after unidentified threat actors gained access to one of the project's servers by exploiting a vulnerability in Atlassian Confluence, after which they installed a cryptocurrency miner.
The "successful attack" happened around last week. It was mounted against the project's Confluence service, which had been deprecated in October 2019. This led the team to take the server offline, reset passwords, and rotate privileged credentials for all developer accounts.
In a statement published over the weekend, the company said “At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected.”
The disclosure came as the U.S. Cyber Command warned about ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments.
The vulnerability is tracked as CVE-2021-26084 (CVSS score: 9.8). The flaw is an OGNL (Object-Graph Navigation Language) injection vulnerability that, in specific instances, could be exploited to execute arbitrary code on a Confluence Server or Data Center instance.
According to the cybersecurity firm Censys, a search engine for finding internet-connected devices, around 14,637 exposed and vulnerable Confluence servers were discovered right before details about the flaw became public on August 25. That number had dropped to 8,597 as of September 5, as companies continue to apply Atlassian's patches and take affected servers off the public internet.