Child pages
  • Jenkins Security Advisory 2015-10-01

Description

The Jenkins project has received multiple credible reports indicating that unsecured, publicly accessible instances of Jenkins are being targeted and infected with malware. This advisory publishes the information we have about this situation and may be updated once we learn more.

By default, Jenkins listens on all network interfaces and does not require authentication, so anyone who can reach the instance can create and run build jobs and therefore execute arbitrary processes as the user account Jenkins runs under. If you run instances on a public network, make sure security is enabled: configure an authentication realm and an authorization strategy that does not grant anonymous users access. To do this, follow the instructions in the Jenkins wiki.
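
A quick way to tell whether an instance is in the exposed default state is to request its root API document anonymously. The following script is an added example written for this advisory page; it is not Jenkins project code. It relies on two things that are true of Jenkins: an instance with security enabled and anonymous read disabled answers an unauthenticated `GET /api/json` with 403, and when the request succeeds the returned JSON carries a `useSecurity` field. The sample responses at the bottom are constructed, not captured from a real server.

```python
"""Classify a Jenkins instance from its response to an anonymous GET /api/json.

Added example for the advisory text above; not Jenkins project code.
"""
import json
import sys
import urllib.error
import urllib.request


def classify(status: int, body: bytes) -> str:
    """Classify one response to an unauthenticated GET <jenkins>/api/json.

    Returns one of:
      "exposed"   - request succeeded and Jenkins reports useSecurity=false;
                    anyone on the network can create jobs and run commands.
      "anon-read" - security is on, but anonymous users may still read
                    (job names, console output); no anonymous code execution.
      "secured"   - the anonymous request was refused.
      "unknown"   - the response does not look like a Jenkins root API document.
    """
    if status in (401, 403):
        return "secured"
    if status != 200:
        return "unknown"
    try:
        doc = json.loads(body)
    except ValueError:
        return "unknown"
    if not isinstance(doc, dict) or "useSecurity" not in doc:
        return "unknown"
    return "anon-read" if doc["useSecurity"] else "exposed"


def fetch(base_url: str, timeout: float = 5.0):
    """Fetch <base_url>/api/json without credentials; return (status, body)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/json",
        headers={"User-Agent": "jenkins-exposure-check"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        # 401/403 arrive here; keep the status so classify() can use it.
        return e.code, e.read()


# Constructed sample responses (assumption: shaped like real Jenkins output).
SAMPLE_EXPOSED = (200, b'{"_class":"hudson.model.Hudson","useSecurity":false,"jobs":[]}')
SAMPLE_ANON_READ = (200, b'{"_class":"hudson.model.Hudson","useSecurity":true,"jobs":[]}')
SAMPLE_SECURED = (403, b"<html><body>Authentication required</body></html>")


if __name__ == "__main__":
    if len(sys.argv) == 2:
        status, body = fetch(sys.argv[1])   # e.g. http://jenkins.example:8080
    else:
        status, body = SAMPLE_EXPOSED       # offline demonstration
    print(classify(status, body))
```

Run it with the base URL of an instance you are responsible for; an "exposed" result means the instance is in exactly the state this advisory warns about, and "anon-read" means security is on but anonymous read should still be reviewed.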

While this is not a bug in Jenkins, we are planning to change the Jenkins setup in a future release to be secure by default, so that a fresh installation cannot be abused in this way.

Infections

Reports indicate that affected machines have one or more of these files in their Jenkins home directory (e.g. /var/lib/jenkins):

  • RcsHTone
  • XiosElom
  • XiosElomL
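
Because the advisory gives file names but no cleanup procedure, the practical first step is to find out whether those names are present and to preserve evidence before anything is touched. The script below is an added example, not part of the advisory; it checks only the three names listed above, directly under the Jenkins home directory as the advisory describes, and records size, modification time, executable bit and a SHA-256 hash for the incident record. It deliberately does not delete anything. The directory used when run stand-alone is taken from `JENKINS_HOME` or the advisory's example path.

```python
"""Look for the indicator file names from this advisory in a Jenkins home directory.

Added example for the advisory; not Jenkins project code. Read-only.
"""
import hashlib
import os
import stat
import sys
import time

# File names listed in the advisory.
INDICATORS = ("RcsHTone", "XiosElom", "XiosElomL")


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan(home):
    """Return a list of findings for indicator names directly under `home`.

    Each finding is a dict with the path and the metadata an incident
    responder would want to preserve. Symlinks are reported but not followed.
    """
    findings = []
    for name in INDICATORS:
        path = os.path.join(home, name)
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            continue
        finding = {
            "path": path,
            "size": st.st_size,
            "mtime_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(st.st_mtime)),
            "executable": bool(st.st_mode & stat.S_IXUSR),
            "is_regular_file": stat.S_ISREG(st.st_mode),
        }
        if finding["is_regular_file"]:
            finding["sha256"] = sha256_of(path)
        findings.append(finding)
    return findings


if __name__ == "__main__":
    home = sys.argv[1] if len(sys.argv) == 2 else os.environ.get("JENKINS_HOME", "/var/lib/jenkins")
    hits = scan(home)
    for f in hits:
        print(f)
    if hits:
        print("indicator files present in %s; preserve them before remediation" % home)
        sys.exit(1)
    print("no indicator files found under %s" % home)
```

If anything is found, copy the files and the recorded hashes somewhere safe and share them as the advisory asks; a hash lets others confirm they are looking at the same artifact.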

We currently know neither the exact nature of this malware nor how to remove it.

Call to Action

If you have more information about these infections, please share what you know:
