12,000 Jenkins servers may be targeted by DDoS attacks

Radware network security researchers warned that about 12,000 cloud automation servers worldwide could be exploited for launching the denial of service (DoS) Attacks, DDoS attacks can reach a magnification of 100 times, and the server will crash quickly. It is reported that the Radware research team found that 12,802 Jenkins servers were still vulnerable.

Jenkins is an open-source server for performing automated tasks and this flaw in Jenkins can also be used to launch distributed denial of service (DDoS) attacks. As the vulnerability in the Jenkins code base is tracked as CVE-2020-2100. Although the vulnerability has been fixed in Jenkins v2.219 released last month, many Jenkin servers will still be affected.

Researcher said:

“Jenkins’ vulnerability is caused by an auto-discovery protocol that is enabled by default and exposed in publicly facing servers. Disabling the discovery protocol is only a single edit in the configuration file of Jenkins and it got fixed in last week’s patch from a default enabled to disabled.”

“The same exposed service can also be abused by malicious actors to perform DDoS amplification attacks against random victims on the internet – victims do not have to run or expose Jenkins for the amplification attack to impact them.”

“If your DevOps teams are using Jenkins servers in their cloud or on-prem environments, there is a simple solution: either disable auto-discovery protocol if you do not use it or add a firewall policy to block access to port udp/33848.”