Analytics Story: Jenkins Server Vulnerabilities

Date: 2024-01-29 ID: 789e76e6-4b5e-4af3-ab8c-46578d84ccff Author: Michael Haag, Splunk Product: Splunk Enterprise Security

Description

This analytic story provides a comprehensive view of Jenkins server vulnerabilities and associated detection analytics.

Why it matters

The following analytic story provides a comprehensive view of Jenkins server vulnerabilities and associated detection analytics. Jenkins is a popular open-source automation server that is used to automate tasks associated with building, testing, and deploying software. Jenkins is often used in DevOps environments and is a critical component of the software development lifecycle. As a result, Jenkins servers are often targeted by adversaries to gain access to sensitive information, credentials, and other critical assets. This analytic story provides a comprehensive view of Jenkins server vulnerabilities and associated detection analytics.

Detections

Name ▲▼	Technique ▲▼	Type ▲▼
Jenkins Arbitrary File Read CVE-2024-23897	Exploit Public-Facing Application	TTP

Data Sources

Name ▲▼	Platform ▲▼	Sourcetype ▲▼	Source ▲▼
Nginx Access	N/A	`nginx:plus:kv`	`/var/log/nginx/access.log`

References

https://www.jenkins.io/security/advisory/2024-01-24/

Source: GitHub | Version: 1