Profile picture
Catalin Cimpanu @campuscodi
, 6 tweets, 3 min read Read on Twitter
Thousands of Jenkins servers will let anonymous users become admins, are open to corporate theft, can let hackers plant backdoors…
This is the result of a combo of two flaws. The first one lets you move the config from the home directory and reset Jenkins into a state where everyone can be admin.…
The second one lets an attacker create temporary users and log into Jenkins servers.... yeah... not good.
Both issues were patched in July and August, respectively……
There are currently over 78,000 Jenkins servers that can be discovered via Shodan…
In a few minutes, found that over 2,000 are running old versions, that are vulnerable.

Remember when a group of hackers took over a bunch of Jenkins servers at the start of the year and made $3.4 million in Monero?

Guess what's gonna happen next...…
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Catalin Cimpanu
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!