Big Bugs of the Week - Jan 29, 2024

Jenkins, Show Me Your Secrets

A critical vulnerability was exposed in Jenkins, a popular CI/CD platform. Jenkins is one of the more popular open source automation platforms used for software deployments, so this certainly seems like a critical issue: the vulnerability allows attackers to access files and potentially alter their contents. Although a patch has been issued, many servers are still live without the patch applied and are open to potential attacks.

Microsoft, Show Me Your Secrets 

Sticking with the CI/CD domain, Microsoft's popular CI/CD platform, Azure Pipelines (included with the parent project, Azure DevOps), has also suffered an exploit in which malicious code can be injected and the build system can be tricked into running that code in a live environment, potentially exposing secrets and sensitive data.

Take Your Medicine 

This is a tough one. A piece of software called "Chameleon", used in Israeli hospitals to assist with distribution of prescriptions, among other features, suffered a malfunction that resulted in patients receiving the wrong medications. Investigations are continuing in an attempt to uncover the cause of the failure and to determine the scope of the problem, including how many patients were affected.