Security Articles

Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective

Released on 2024-07-05 at 03:26:22 PM

This report analyzes how threat actors can exploit misconfigured Jenkins servers to execute malicious Groovy scripts, leading to activities like deploying cryptocurrency miners. Misconfigurations exposing the /script endpoint allow remote code execution, enabling attackers to run scripts that download and execute miner binaries while maintaining persistence through cron jobs and systemd utilities.