The Jenkins project, a widely used open-source automation server, recently reported a security breach involving unauthorized access to one of its servers. The incident involved attackers exploiting a vulnerability in the Atlassian Confluence service to install a cryptocurrency mining application.
The breach, which reportedly took place last week, targeted a Confluence service that had been deprecated since October 2019. In response, the Jenkins team took immediate action by taking the compromised server offline, rotating privileged credentials, and resetting passwords for developer accounts to mitigate potential risks.
According to Jenkins, “At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected,” as confirmed in a statement released over the weekend.
This disclosure arrives amid warnings from the U.S. Cyber Command about ongoing attempts to exploit a critical, since-patched vulnerability in Atlassian Confluence deployments. The vulnerability, tracked as CVE-2021-26084 and rated with a CVSS score of 9.8, is an OGNL (Object-Graph Navigation Language) injection flaw that could allow attackers to execute arbitrary code on a Confluence Server or Data Center instance in specific circumstances.
Cybersecurity firm Censys reported that prior to the public announcement of the flaw on August 25, approximately 14,637 exposed and vulnerable Confluence servers were identified. After organizations began applying Atlassian’s patches, that number had dropped to 8,597 as of September 5, indicating that affected organizations are actively remediating the vulnerability.