Overview
Jenkins has released an update to address a vulnerability in their product. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-43044
- Jenkins versions up to and including 2.470
- Jenkins versions up to and including 2.452.3
Resolved Vulnerabilities
A vulnerability in the `ClassLoaderProxy#fetchJar` method of the Remoting library allows an agent process to read arbitrary files from the Jenkins controller file system (CVE-2024-43044).
Vulnerability Patches
The following patched versions were made available with the update on 08/07/2024. Follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-43044
- Jenkins version: 2.471
- Jenkins version: 2.452.4 or 2.462.1
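The version boundaries above can be applied to an inventory of controllers. The following is an added example, not part of the original advisory or of Jenkins itself. It assumes that two-part version strings are weekly releases and three-part strings are LTS releases, and the controller names in the sample inventory are constructed.

```python
import re

# Boundaries copied from the advisory: last affected release on each line
# and the fixed releases it names.
LAST_AFFECTED_WEEKLY = (2, 470)
LAST_AFFECTED_LTS = (2, 452, 3)
FIX_WEEKLY = "2.471"
FIX_LTS = "2.452.4 or 2.462.1"

_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def classify(version):
    """Return (status, upgrade_target) for one reported Jenkins version.

    status is "affected", "fixed" or "unknown". Components are compared as
    integers, so "2.60.3" sorts below "2.452.3" (a string compare would not).
    """
    m = _VERSION.match(version.strip())
    if not m:
        # Snapshots, vendor rebuilds, empty strings: do not guess.
        return ("unknown", None)
    parts = tuple(int(p) for p in m.groups() if p is not None)
    if len(parts) == 2:  # assumption: two-part version = weekly release
        if parts <= LAST_AFFECTED_WEEKLY:
            return ("affected", FIX_WEEKLY)
        return ("fixed", None)
    if parts <= LAST_AFFECTED_LTS:  # assumption: three-part version = LTS
        return ("affected", FIX_LTS)
    return ("fixed", None)


def triage(inventory):
    """List (name, version, status, target) rows, affected hosts first."""
    rows = [(name, ver, *classify(ver)) for name, ver in inventory.items()]
    order = {"affected": 0, "unknown": 1, "fixed": 2}
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed inventory (hypothetical controller names and versions).
SAMPLE = {"ci-build": "2.452.3", "ci-release": "2.462.1", "ci-lab": "2.470",
          "ci-edge": "2.471", "ci-fork": "2.452.3-custom"}

if __name__ == "__main__":
    for name, ver, status, target in triage(SAMPLE):
        hint = f" -> upgrade to {target}" if target else ""
        print(f"{name:12} {ver:16} {status}{hint}")
```

Versions reported as "unknown" need manual review against the Jenkins advisory rather than being assumed safe.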
Referenced Sites
[1] CVE-2024-43044 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-43044
[2] Jenkins Security Advisory 2024-08-07
https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430
Article Link: Jenkins Product Security Update Advisory (CVE-2024-43044) – ASEC