Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-43044

Good to know:

icon

Date: August 7, 2024

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the "ClassLoaderProxy#fetchJar" method in the Remoting library.

Language: Java

Severity Score

Related Resources (10)

https://github.com/jenkinsci/remoting/commit/409508a675ffc4ed9681e30bb46c8d9cb375b78c
https://nvd.nist.gov/vuln/detail/CVE-2024-43044
https://github.com/jenkinsci/jenkins/commit/cec49ce5d58048f66ac3fa88409a0d38dec09bf0
https://github.com/jenkinsci/remoting/commit/858f3c9af69d4d216b26551ea51dde6e67479bb3
https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430
https://github.com/jenkinsci/remoting
https://github.com/jenkinsci/jenkins/commit/5d26b53ad3a5cd8c4a060eef4f56d75e65ca17a5
https://github.com/jenkinsci/jenkins/commit/3f54c41b40db9e4ae7afa4209bc1ea91bb9175c0
https://github.com/jenkinsci/remoting/commit/3277a8e88c9b807b9a989bd7e9176d2ec9834e47
https://www.mend.io/vulnerability-database/CVE-2024-43044

Severity Score

Weakness Type (CWE)

Improper Check for Unusual or Exceptional Conditions

CWE-754

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

icon

Upgrade Version

Upgrade to version org.jenkins-ci.main:jenkins-core:2.452.4;org.jenkins-ci.main:jenkins-core:2.462.1;org.jenkins-ci.main:jenkins-core:2.471

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us