CVE-2024-43044

EPSS 45.97%
Veröffentlicht 07.08.2024 14:15:33
Zuletzt bearbeitet 14.03.2025 20:15:13
Quelle jenkinsci-cert@googlegroups.co
Teams Watchlist Login
Unerledigt Login

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jenkins ≫ Jenkins SwEditionlts Version < 2.452.4

Jenkins ≫ Jenkins SwEdition- Version < 2.471

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	45.97%	0.975

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-43044

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-43044

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-43044

EUVD