Cybersecurity researchers have found that improperly configured Jenkins Script Console instances can be weaponized for criminal activities such as cryptocurrency mining.
According to Trend Micro's Shubham Singh and Sunil Bharti, misconfigured authentication can expose the '/script' endpoint to attackers, giving them remote code execution on the Jenkins controller and opening the door to further abuse.
Jenkins, a widely used continuous integration and continuous delivery (CI/CD) platform, includes a Groovy Script Console that runs arbitrary Groovy scripts inside the Jenkins controller's JVM, with the privileges of the Jenkins process.
Jenkins' official documentation notes that this web-based Groovy shell can be used to read sensitive data, decrypt stored credentials, and modify security settings.
The documentation also stresses that Script Console access amounts to full control over the Jenkins infrastructure, which is why it must be restricted to administrators and why the surrounding authentication and authorization configuration must be correct.
In the incidents observed, threat actors abused the misconfiguration in the Jenkins Groovy plugin to deploy a cryptocurrency mining script on the compromised servers.
To prevent such abuse, enforce authentication and authorization on the controller (the Script Console should be reachable only by accounts holding the administer permission), audit instances regularly for anonymous access to '/script', and keep Jenkins servers off the public internet.
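The audit recommended above can be automated. The following is an added example written for this page, not code from the article, Trend Micro or the Jenkins project: it sends a single unauthenticated GET to a controller's /script endpoint (it never POSTs a script) and classifies the answer. The host names are hypothetical, and the body markers used to recognise the console page (the form field named "script" and the "Script Console" title) are assumptions about the rendered HTML.

```python
"""Audit check: is a Jenkins Script Console reachable without authentication?

Added example (not from the article or the Jenkins project). Only an unauthenticated
GET is issued; nothing is ever executed on the target.
"""
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Optional

# Hypothetical inventory of controllers to audit (not real hosts).
JENKINS_HOSTS = [
    "http://ci.example.internal:8080",
    "http://build.example.internal:8080",
]


@dataclass
class ScriptConsoleCheck:
    url: str
    status: Optional[int]
    verdict: str


def classify_response(status: int, body: str, location: str = "") -> str:
    """Map the HTTP answer for /script to a verdict.

    200 with the console form  -> anonymous RCE as the Jenkins user (what the
                                  cryptominer campaign relies on)
    403                        -> Jenkins answered but denied the request
    401 or redirect to /login  -> an authentication challenge is in place
    404                        -> path not served (console disabled / not Jenkins)
    Body markers are an assumption about Jenkins' rendered console page.
    """
    if status == 200 and ('name="script"' in body or "Script Console" in body):
        return "EXPOSED: Script Console reachable without authentication"
    if status == 200:
        return "UNEXPECTED: 200 without console markup (proxy or custom page?)"
    if status == 403:
        return "PROTECTED: request denied (administer permission required)"
    if status == 401 or (status in (301, 302, 303, 307) and "/login" in location):
        return "PROTECTED: authentication required"
    if status == 404:
        return "ABSENT: /script not served (console disabled or not Jenkins)"
    return f"UNKNOWN: HTTP {status}"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface redirects as HTTPError so the Location header can be inspected."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def check_script_console(base_url: str, timeout: float = 5.0) -> ScriptConsoleCheck:
    """Unauthenticated GET of <base_url>/script, without following redirects."""
    url = base_url.rstrip("/") + "/script"
    req = urllib.request.Request(url, headers={"User-Agent": "jenkins-script-audit/1.0"})
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return ScriptConsoleCheck(url, resp.getcode(), classify_response(resp.getcode(), body))
    except urllib.error.HTTPError as err:
        body = err.read(65536).decode("utf-8", "replace")
        location = err.headers.get("Location", "")
        return ScriptConsoleCheck(url, err.code, classify_response(err.code, body, location))
    except (urllib.error.URLError, OSError) as err:
        return ScriptConsoleCheck(url, None, f"ERROR: {err}")


def audit(hosts) -> list:
    """Run the check against every host and return the results for reporting."""
    return [check_script_console(h) for h in hosts]


if __name__ == "__main__":
    for result in audit(JENKINS_HOSTS):
        print(f"{result.url}: {result.verdict}")
```

An "EXPOSED" verdict means anonymous users hold enough permission to open the console, which on Jenkins implies they can also submit a script to it; treat it as an incident, not just a finding, and review the controller for unexpected processes and jobs before re-securing the authorization strategy.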
As cryptocurrency thefts from hacks and exploits continue to rise, proactive measures to secure sensitive assets remain essential.
Blockchain intelligence platform TRM Labs reported a significant increase in cryptocurrency thefts in the first half of 2024, underscoring the importance of keeping private keys and seed phrases out of reach of attackers.