CVE-2024-43044

EPSS 45.97%
Published 07.08.2024 14:15:33
Last modified 14.03.2025 20:15:13
Source jenkinsci-cert@googlegroups.co
Teams watchlist Login
Open Login

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Jenkins ≫ Jenkins SwEditionlts Version < 2.452.4

Jenkins ≫ Jenkins SwEdition- Version < 2.471

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	45.97%	0.975

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-43044

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-43044

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-43044

EUVD