The development team of Jenkins, a popular open-source automation server, has disclosed a security breach in which unidentified threat actors exploited a recently disclosed vulnerability in the Atlassian Confluence service to gain access to one of its servers and install a cryptocurrency miner.
The “successful attack” was mounted against its Confluence service, which had been deprecated since October 2019, leading the team to take the server offline, rotate privileged credentials, and reset passwords for developer accounts.
The company stated they believe that no Jenkins releases, plugins, or source code have been affected.
The disclosure comes as the U.S. Cyber Command warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments.
The vulnerability, tracked as CVE-2021-26084 (CVSS score: 9.8), is an OGNL (Object-Graph Navigation Language) injection flaw that, in specific instances, could be exploited to execute arbitrary code on a Confluence Server or Data Center instance.
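For a defender triaging web access logs after reading the above, the following is an added example (not code from the article, Jenkins, or Atlassian) that scans constructed Confluence access-log lines for URL-encoded OGNL expression delimiters. The marker pattern (`%{`, `${`, `#{`) is an assumption based on general OGNL syntax, not the specific request shape of CVE-2021-26084, and the log lines, IPs and paths are made up for the demonstration; treat hits as leads for investigation rather than proof of exploitation.

```python
import re
from urllib.parse import unquote

# Generic OGNL expression openers. Assumption: this reflects OGNL syntax in
# general, not the particular payload form used against CVE-2021-26084.
OGNL_MARKERS = re.compile(r"[%$#]\{")

# Combined-log-format parser: client IP, timestamp, method, request path, status, size.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

# Constructed sample log lines (hypothetical hosts and paths, not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [26/Aug/2021:10:01:02 +0000] "GET /confluence/pages/viewpage.action?pageId=123 HTTP/1.1" 200 5123
10.0.0.9 - - [26/Aug/2021:10:01:07 +0000] "POST /confluence/pages/createpage.action?spaceKey=TEST HTTP/1.1" 302 0
203.0.113.7 - - [26/Aug/2021:10:02:11 +0000] "GET /confluence/some.action?q=%25%7B1%2B1%7D HTTP/1.1" 200 4011
203.0.113.7 - - [26/Aug/2021:10:02:15 +0000] "GET /confluence/some.action?q=%23%7Bfoo%7D HTTP/1.1" 500 0
"""


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded markers are not missed.

    A bounded number of rounds avoids looping on adversarial input.
    """
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_lines(log_text: str) -> list[dict]:
    """Return one record per request whose decoded path contains an OGNL opener."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the scan
        decoded_path = decode_fully(m["path"])
        if OGNL_MARKERS.search(decoded_path):
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "method": m["method"],
                "path": decoded_path,
                "status": int(m["status"]),
            })
    return hits


def suspicious_sources(hits: list[dict]) -> dict[str, int]:
    """Aggregate hits by client IP so repeated probing stands out."""
    counts: dict[str, int] = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_lines(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["status"]}')
    print("per-source counts:", suspicious_sources(found))
```

The scan deliberately works on the decoded request path rather than the raw line, because a single layer of percent-encoding is enough to hide `%{` from a naive substring match; correlating the flagged sources with unexpected outbound connections or new processes on the Confluence host is the natural next step.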
According to Censys, a cybersecurity firm that operates a search engine for internet-connected devices, around 14,637 exposed and vulnerable Confluence servers were discovered right before details about the flaw became public on August 25. That number had fallen to 8,597 as of September 5, as companies applied Atlassian’s patches and took affected servers off the public internet.