Warning: A serious security hole in Jenkins could help hackers gain control of computers at many Vietnamese businesses
Last night, September 18, VSEC (Vietnam Cyber Security Joint Stock Company) issued an emergency warning about a serious security hole in the open source application Jenkins. If this vulnerability is successfully exploited, hackers can execute unauthorized commands remotely. This serious flaw could affect the computer systems of many Vietnamese businesses.
According to VSEC, this vulnerability, tracked as CVE-2019-10392, was assessed as dangerous as October 8 and was discovered by Dutch security expert Francesco Soncina. By taking advantage of it, hackers can easily gain control of the server and of the enterprise's entire information system, and then conduct illegal activities such as spreading confidential data, stealing information. believe…
VSEC security experts said that, to successfully exploit this vulnerability, hackers need a user account with the right to configure 'Git Client Plugin' and 'Job / Configure (USE_ITEM)', on version 2.8.4 and earlier. The key factor that allows hackers to execute unauthorized code on the server is that the input value of the Repository URL parameter in the Git Client Plugin is not validated.
Currently, CI (Continuous Integration) systems are quite popular among high-tech enterprises in Vietnam, and 80% of them run their CI system on Jenkins.
VSEC experts said that there are currently more than 200,000 servers on the Internet running the flawed version of Jenkins.
VSEC recommends that organizations and businesses do the following to avoid being affected by this serious flaw:
- Quickly update Jenkins' Git Client Plugin to the latest version.
- Restrict public access to systems that are used on the intranet.
- Configure a whitelist of IPs allowed to access critical systems.
- Set strong passwords for system accounts, including low-privilege accounts.
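Because the flaw comes from the unvalidated Repository URL parameter, defenders can also audit the Git remotes already stored in job configurations. The following is an added example, not code from VSEC or the Jenkins project; the allowlisted hosts, the function names and the sample `config.xml` are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumptions: adjust to the Git hosts your builds legitimately use.
ALLOWED_HOSTS = {"git.example.internal", "github.com"}
ALLOWED_SCHEMES = {"https", "ssh"}
# scp-style remote, e.g. git@host:group/repo.git
SCP_STYLE = re.compile(r"^[A-Za-z0-9._-]+@([A-Za-z0-9.-]+):[A-Za-z0-9._/~-]+$")

def check_repo_url(url):
    """Return None if the URL is acceptable, otherwise the reason it is not."""
    if not url or any(ch.isspace() or ord(ch) < 32 for ch in url):
        return "empty or contains whitespace/control characters"
    m = SCP_STYLE.match(url)
    if m:
        host = m.group(1)
    else:
        try:
            parts = urlsplit(url)
        except ValueError:
            return "not a parseable URL"
        if parts.scheme not in ALLOWED_SCHEMES:
            return f"scheme {parts.scheme!r} not allowed"
        host = parts.hostname
    if host is None or host.lower() not in ALLOWED_HOSTS:
        return f"host {host!r} not on allowlist"
    return None

def audit_job_config(xml_text):
    """List (url, reason) for each Git remote in a job config.xml that fails the check."""
    findings = []
    root = ET.fromstring(xml_text)
    for remote in root.iter("hudson.plugins.git.UserRemoteConfig"):
        url = remote.findtext("url", default="")
        reason = check_repo_url(url)
        if reason:
            findings.append((url, reason))
    return findings

# Constructed sample job configuration (not taken from a real system).
SAMPLE_CONFIG = """<project><scm class="hudson.plugins.git.GitSCM"><userRemoteConfigs>
<hudson.plugins.git.UserRemoteConfig><url>https://github.com/example/app.git</url></hudson.plugins.git.UserRemoteConfig>
<hudson.plugins.git.UserRemoteConfig><url>git@git.example.internal:team/tool.git</url></hudson.plugins.git.UserRemoteConfig>
<hudson.plugins.git.UserRemoteConfig><url>file:///tmp/local-repo</url></hudson.plugins.git.UserRemoteConfig>
<hudson.plugins.git.UserRemoteConfig><url>https://github.com/example/app.git extra-text</url></hudson.plugins.git.UserRemoteConfig>
</userRemoteConfigs></scm></project>"""

if __name__ == "__main__":
    for url, reason in audit_job_config(SAMPLE_CONFIG):
        print(f"REJECT {url!r}: {reason}")
```

On a real controller, the same function can be run over each job's `config.xml` under the Jenkins home directory, and any finding reviewed together with who last changed that job.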