Like a lot of you, I’ve been using Jenkins for years. Time to think about it being used as an attack vector rather than convenient automation of the boring stuff:
The Federal Bureau of Investigation sent an alert last week warning about the discovery of new network protocols that have been abused to launch large-scale distributed denial of service (DDoS) attacks.
The alert lists three network protocols and a web application as newly discovered DDoS attack vectors.
The list includes CoAP (Constrained Application Protocol), WS-DD (Web Services Dynamic Discovery), ARMS (Apple Remote Management Service), and the Jenkins web-based automation software.
Three of the four (CoAP, WS-DD, ARMS) have already been abused in the real world to launch massive DDoS attacks, the FBI said based on ZDNet’s previous reporting.