How severe is CVE-2024-43044?

CVE-2024-43044 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-43044

Name: jenkins
Author: jenkins

8.8HIGH

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remotin

Veröffentlicht: 8/7/2024Aktualisiert: 3/14/2025

Beschreibung

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.

KI-AnalyseKI-gestützt

Betroffene Produkte

jenkinsjenkins

Referenzen

https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430
Vendor Advisory