Home > Vulnerability Database > CVE-2024-43044

Mend.io Vulnerability Database

CVE-2024-43044

Good to know:

Date: August 7, 2024

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.

Language: Java

Severity Score

8.8

Related Resources (10)

Url: https://github.com/jenkinsci/remoting/commit/409508a675ffc4ed9681e30bb46c8d9cb375b78c

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-43044

Url: https://github.com/jenkinsci/jenkins/commit/cec49ce5d58048f66ac3fa88409a0d38dec09bf0

Url: https://github.com/jenkinsci/remoting/commit/858f3c9af69d4d216b26551ea51dde6e67479bb3

Url: https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430

Url: https://github.com/jenkinsci/remoting

Url: https://github.com/jenkinsci/jenkins/commit/5d26b53ad3a5cd8c4a060eef4f56d75e65ca17a5

Url: https://github.com/jenkinsci/jenkins/commit/3f54c41b40db9e4ae7afa4209bc1ea91bb9175c0

Url: https://github.com/jenkinsci/remoting/commit/3277a8e88c9b807b9a989bd7e9176d2ec9834e47

Url: https://www.mend.io/vulnerability-database/CVE-2024-43044

Severity Score

8.8

Weakness Type (CWE)

Improper Check for Unusual or Exceptional Conditions

CWE-754

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.main:jenkins-core:2.452.4,2.462.1,2.471

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-43044

Good to know:

Date: August 7, 2024

Language: Java

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?