DevOps Warned About Potential DoS Attacks
DevOps teams that use Jenkins servers were warned at the beginning of the month that their servers could be turned into launch points for denial of service (DoS) attacks.
Security researchers warned that more than 12,000 Jenkins servers, which are popular with developers for building, testing and deploying apps running in cloud environments, remain exposed.
Radware's Emergency Response Team issued a threat advisory on 10 February after discovering that 12,802 Jenkins servers were still vulnerable to a flaw patched at the end of January 2020.
The flaw, CVE-2020-2100, was discovered by Adam Thorn of the University of Cambridge and is said to affect Jenkins 2.218 and earlier as well as LTS 2.204.1 and earlier.
Pascal Geenens, Security Evangelist at Radware, said:
“Jenkins’ vulnerability is caused by an auto-discovery protocol that is enabled by default and exposed in publicly facing servers.
“Disabling the discovery protocol is only a single edit in the configuration file of Jenkins, and it got fixed in January’s patch from a default of enabled to disabled.”
The bug could enable cyber criminals to abuse exposed services to launch two types of DoS attack: an amplification attack and an infinite loop attack. In the amplification attack, a small discovery request draws a much larger reply that the server sends to whatever source address the request carries; in the infinite loop attack, a request spoofed to come from another Jenkins server's discovery port makes the two servers answer each other indefinitely.
Pascal Geenens added:
“The same exposed service can also be abused by malicious actors to perform DDoS amplification attacks against random victims on the internet – victims do not have to run or expose Jenkins for the amplification attack to impact them.
“If your DevOps teams are using Jenkins servers in their cloud or on-prem environments, there is a simple solution: either disable the auto-discovery protocol, if you do not use it, or add a firewall policy to block access to port udp/33848.”
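The two abuses described above (reflection of a small request into a larger reply, and two responders answering each other) and the check a team would run after applying either of the fixes Geenens recommends, as an added example that is neither Jenkins' own code nor code from the article. It sends one datagram to udp/33848 and reports whether anything comes back and how much bigger the reply is than the request. The fake responder and its reply body are constructed so the probe can be exercised offline; they are a stand-in for an unpatched server, not a captured Jenkins response, and the exact format of the real reply is not on this page.

```python
"""Probe a host for the Jenkins UDP auto-discovery responder (udp/33848).

Added example, not Jenkins' own code. The discovery responder answers any
datagram with a description of the instance and sends that reply to whatever
source address the datagram carries, which is what enables reflection onto
spoofed victims and the two-server infinite loop. FAKE_REPLY and the fake
responder below are constructed for offline testing, not a real Jenkins reply.
"""
import socket
import threading
from dataclasses import dataclass

JENKINS_DISCOVERY_PORT = 33848  # port named in the advisory


@dataclass
class ProbeResult:
    responded: bool
    request_bytes: int
    response_bytes: int
    reply: bytes

    @property
    def amplification(self) -> float:
        """Reply size over request size: the reflection amplification factor."""
        return self.response_bytes / self.request_bytes if self.responded else 0.0


def probe_discovery(host: str, port: int = JENKINS_DISCOVERY_PORT,
                    timeout: float = 2.0, payload: bytes = b"\x00") -> ProbeResult:
    """Send one minimal datagram and report whether anything comes back.

    The responder does not inspect the request, so a single byte suffices and
    yields the worst-case amplification ratio. Any OSError (timeout, or an ICMP
    port-unreachable surfacing as a connection error) counts as "no reply".
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(payload, (host, port))
        try:
            data, _ = sock.recvfrom(65535)
        except OSError:
            return ProbeResult(False, len(payload), 0, b"")
    return ProbeResult(True, len(payload), len(data), data)


def is_loop_traffic(src_port: int, dst_port: int,
                    port: int = JENKINS_DISCOVERY_PORT) -> bool:
    """Flow-log check for the infinite-loop pattern: a datagram whose source AND
    destination are both the discovery port is one responder answering another
    responder's answer, which no legitimate discovery client ever generates."""
    return src_port == port and dst_port == port


# Constructed stand-in for an exposed server; the body is illustrative only.
FAKE_REPLY = (b"<hudson><version>2.218</version>"
              b"<url>http://jenkins.example.invalid:8080/</url>"
              b"<server-id>0123456789abcdef0123456789abcdef</server-id></hudson>")


def start_fake_responder(bind_host: str = "127.0.0.1", port: int = 0):
    """Answer every datagram with FAKE_REPLY, addressed to the datagram's source
    (the behaviour that reflects traffic onto spoofed victims).
    Returns (bound_port, stop_event)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_host, port))
    sock.settimeout(0.2)
    bound_port = sock.getsockname()[1]
    stop = threading.Event()

    def serve():
        with sock:
            while not stop.is_set():
                try:
                    _, peer = sock.recvfrom(65535)
                    sock.sendto(FAKE_REPLY, peer)
                except OSError:  # idle timeout: loop again and re-check stop
                    continue

    threading.Thread(target=serve, daemon=True).start()
    return bound_port, stop


def demo_exposed() -> ProbeResult:
    """Probe the constructed responder: what an unpatched, unfiltered server
    looks like to the scan that found 12,802 of them."""
    port, stop = start_fake_responder()
    try:
        return probe_discovery("127.0.0.1", port, timeout=2.0)
    finally:
        stop.set()


def demo_closed() -> ProbeResult:
    """Probe a port nothing listens on: the result you want after disabling
    discovery or blocking udp/33848 at the firewall."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return probe_discovery("127.0.0.1", port, timeout=0.5)


if __name__ == "__main__":
    r = demo_exposed()
    print(f"exposed: responded={r.responded} amplification={r.amplification:.0f}x")
    print(f"closed:  responded={demo_closed().responded}")
    print(f"33848->33848 loop pattern flagged: {is_loop_traffic(33848, 33848)}")
```

Run `probe_discovery("<your-jenkins-host>")` from outside the network boundary after applying the fix: a reply means the responder is still reachable and still reflecting, regardless of what the Jenkins configuration says. The amplification figure depends on how much the real instance puts in its reply, so treat the ratio from the fake responder as a demonstration of the measurement, not as Jenkins' actual factor.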