Hackers exploited the latest Atlassian Confluence Server flaw to breach a server belonging to the Jenkins project and install a cryptocurrency miner. Jenkins, a popular open-source automation server, acknowledged the security breach earlier last week.
The threat actors launched the attack through a Confluence service that Jenkins had deprecated in October 2019. In response, the Jenkins team took the affected servers offline, rotated privileged credentials, and reset passwords for developer accounts.
According to Jenkins, “At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected.”
Earlier, the US Cyber Command had warned about ongoing mass exploitation attempts in the wild targeting a patched critical security vulnerability affecting Atlassian Confluence deployments.
The vulnerability is tracked as CVE-2021-26084 and carries a CVSS score of 9.8. It is an OGNL (Object-Graph Navigation Language) injection flaw that, in specific instances, can be exploited to execute arbitrary code on a Confluence Server or Data Center instance.
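For responders checking whether their own Confluence instances saw this kind of traffic, the following is an added example (not code from the article, Atlassian or Jenkins) of a heuristic access-log triage script. The article does not name the vulnerable endpoint, so the script does not model CVE-2021-26084 itself; it only flags requests whose URL-decoded path or parameters contain OGNL expression markers, producing a short list for manual review. The log format, IP addresses and log lines are constructed sample data.

```python
"""Heuristic triage of web-server access logs for OGNL-injection-style requests.

Added example; not code from the original article, Atlassian or Jenkins. The
article does not name the vulnerable endpoint, so nothing here models
CVE-2021-26084 specifically: the scanner only flags requests whose URL-decoded
path or parameters contain OGNL expression markers, giving a responder a short
list to review by hand. Log lines and IPs below are constructed sample data.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Common Log Format: ip ident user [time] "METHOD target HTTP/x" status bytes
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# OGNL expression syntax that does not belong in an ordinary page request.
# Heuristic, not an exploit signature: it will also catch pasted template text.
_OGNL_MARKERS = (
    ("%{...} block", re.compile(r"%\{")),
    ("${...} block", re.compile(r"\$\{")),
    ("@Class@member static access", re.compile(r"@[\w.]+@\w+")),
)


def fully_decode(value):
    """Peel repeated percent-encoding so %257B (-> %7B -> {) is not missed."""
    prev = None
    while value != prev:
        prev, value = value, unquote(value)
    return value


def ognl_markers(text):
    """Names of the OGNL markers present in text (empty list if none)."""
    return [name for name, rx in _OGNL_MARKERS if rx.search(text)]


def scan_log(lines):
    """Return one dict per suspicious request: ip, time, status, path, where, markers."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # not CLF; a real tool would count unparsed lines
        parts = urlsplit(m.group("target"))
        # parse_qsl decodes one layer; fully_decode handles anything nested
        fields = [("path", fully_decode(parts.path))]
        fields += [(f"param:{k}", fully_decode(v))
                   for k, v in parse_qsl(parts.query, keep_blank_values=True)]
        for where, text in fields:
            markers = ognl_markers(text)
            if markers:
                hits.append({"ip": m.group("ip"), "time": m.group("time"),
                             "status": m.group("status"), "path": parts.path,
                             "where": where, "markers": markers})
    return hits


# Constructed sample log: one ordinary page view, then a double-encoded and a
# single-encoded request carrying a harmless OGNL arithmetic expression.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Sep/2021:10:00:01 +0000] "GET /pages/viewpage.action?pageId=12345 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Sep/2021:10:00:02 +0000] "GET /some/page.action?queryString=%25%7B1%2B1%7D HTTP/1.1" 302 0',
    '198.51.100.7 - - [06/Sep/2021:10:00:03 +0000] "GET /other/page.action?q=%24%7B1%2B1%7D HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['where']} -> {', '.join(hit['markers'])}")
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file's lines; hits are a starting point for review, not proof of compromise, since legitimate content can contain the same characters.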
Censys, a cybersecurity firm that runs a search engine for internet-connected devices, found that just before the flaw became public on August 25, around 14,637 exposed and vulnerable Confluence servers were reachable. That number had dropped to 8,597 as of September 5, as companies continue to apply Atlassian's patches and take affected servers off the public internet.