Vulnerability DatabaseCVE-2024-43044
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-43044
August 07, 2024
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the "ClassLoaderProxy#fetchJar" method in the Remoting library.
Affected Packages
org.jenkins-ci.main:jenkins-core (JAVA):
Affected version(s) >=2.460 <2.462.1
Fix Suggestion:
Update to version 2.462.1
org.jenkins-ci.main:jenkins-core (JAVA):
Affected version(s) >=1.396 <2.452.4
Fix Suggestion:
Update to version 2.452.4
org.jenkins-ci.main:jenkins-core (JAVA):
Affected version(s) =2.470 <2.471
Fix Suggestion:
Update to version 2.471
Related Resources (9)
https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430
https://github.com/jenkinsci/jenkins/commit/5d26b53ad3a5cd8c4a060eef4f56d75e65ca17a5
https://github.com/jenkinsci/jenkins/commit/3f54c41b40db9e4ae7afa4209bc1ea91bb9175c0
https://github.com/jenkinsci/remoting
https://nvd.nist.gov/vuln/detail/CVE-2024-43044
https://github.com/jenkinsci/remoting/commit/3277a8e88c9b807b9a989bd7e9176d2ec9834e47
https://github.com/jenkinsci/jenkins/commit/cec49ce5d58048f66ac3fa88409a0d38dec09bf0
https://github.com/jenkinsci/remoting/commit/858f3c9af69d4d216b26551ea51dde6e67479bb3
https://github.com/jenkinsci/remoting/commit/409508a675ffc4ed9681e30bb46c8d9cb375b78c
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Check for Unusual or Exceptional Conditions
CWE-754
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22
EPSS
Base Score:
65.90