CVE-2024-43044

Published Aug 7, 2024

Last updated 6 months ago

CVSS high 8.8

Overview

Description: Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.
Source: jenkinsci-cert@googlegroups.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-754

Hype score: Not currently trending

Exploiting Jenkins RCE Vulnerability (CVE-2024-43044) Via Agents - Technical Analysis - CybersecurityNews https://t.co/cAAc0WY3nC #cybersecurity #hacking https://t.co/bAHsy8o78J
@cliffvazquez
11 Dec 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0041C764-EA61-4445-9696-65E22A678FD2",
            "versionEndExcluding": "2.452.4"
          },
          {
            "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1139DB12-D88F-4E0D-B22F-2A147B1EFD31",
            "versionEndExcluding": "2.471"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References