GE Aviation Passwords, Source Code Exposed in Open Jenkins Server

From threatpost.com

A DNS misconfiguration resulted in an open Jenkins server being available to all.

A public Jenkins server owned by GE Aviation has exposed source code, plaintext passwords, global system configuration details and private keys from the company’s internal commercial infrastructure.

GE Aviation, a subsidiary of General Electric, is among the top commercial aircraft engine suppliers and offers various airplane components. The exposed server also contained a ReadMe file outlining all the files it contained and their sensitivity.

Jenkins is an open source automation server written in Java. According to the company, a misconfiguration in the server's DNS setup caused the impacted server to become exposed to the open internet. DNS is the system that converts human-readable domain names into computer-readable IP addresses.
