CVE-2024-43044

Summary

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the ClassLoaderProxy#fetchJar method in the Remoting library.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins2.452.4 < 2.452.*unaffected
Jenkins ProjectJenkins2.462.1 < 2.462.*unaffected
Jenkins ProjectJenkins2.471 < *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References