Maintainers of Jenkins, the popular open-source automation server software, have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in the Atlassian Confluence service to install a cryptocurrency miner.
The attack, believed to have occurred last week, was mounted against its Confluence service, which had been deprecated since October 2019, leading the maintainers to take the server offline, rotate privileged credentials and reset passwords for developer accounts.
The company said it has no reason to believe that any Jenkins releases, plugins, or source code have been affected.
The disclosure comes as the U.S. Cyber Command warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments.
Tracked as CVE-2021-26084 (CVSS score: 9.8), the issue is an OGNL (Object-Graph Navigation Language) injection flaw that, in specific instances, could be exploited to execute arbitrary code on a Confluence Server or Data Center instance.
According to cybersecurity firm Censys, around 14,637 exposed and vulnerable Confluence servers were discovered right before details about the flaw became public on August 25, a number that had dropped to 8,597 as of September 5 as companies continue to apply Atlassian’s patches and take affected servers off the internet.