Jenkins, a leading open-source automation server, announced on Saturday that its deprecated Confluence service was successfully attacked through the Confluence CVE-2021-26084 exploit, something that US Cybercom warned of in a notice last week.
In a statement, Jenkins documentation officer Mark Waite explained that the affected server was taken offline and the team is investigating the impact of the issue.
“At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected. Thus far in our investigation, we have learned that the Confluence CVE-2021-26084 exploit was used to install what we believe was a Monero miner in the container running the service,” Waite wrote.
“From there an attacker would not be able to access much of our other infrastructure. Confluence did integrate with our integrated identity system which also powers Jira, Artifactory, and numerous other services.”
Waite added that there is no indication that any
The article Jenkins project attacked through Atlassian Confluence vulnerability originally appeared on ZDNet.