Time running out to patch Jenkins CI/CD server vulnerability

January 30, 2024

Researchers warn that attackers have already started scanning for Jenkins servers that are vulnerable to a critical remote code execution flaw patched last week. Proof-of-concept (PoC) exploits for the vulnerability are already available, so the time window to patch before widespread attacks occur is quickly closing.

According to scans with the Shodan service, more than 75,000 Jenkins servers are exposed to the internet. Jenkins is an open-source automation server that’s commonly used as part of continuous integration and continuous delivery (CI/CD) pipelines because it allows the automation of code building, testing, and deployment. Jenkins has many integrations with other services and tools, which makes it a popular choice for all software development organizations, with an estimated market share of around 44%.

Read More on CSO Online