Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
Jenkins
- 2.470 and earlier
- LTS 2.452.3 and earlier
Source
jenkinsci-cert@googlegroups.com
Tags
CVE-2024-43044 details
Published : Aug. 7, 2024, 2:15 p.m.
Last Modified : Aug. 7, 2024, 3:17 p.m.
Last Modified : Aug. 7, 2024, 3:17 p.m.
Description
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430 | jenkinsci-cert@googlegroups.com |
This website uses the NVD API, but is not approved or certified by it.