Jenkins Product Security Update Advisory (CVE-2024-43044)

Overview

Jenkins has released an update to address a vulnerability in their product. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-43044

  • Jenkins versions up to and including 2.470
  • Jenkins versions up to and including 2.452.3

 

Resolved Vulnerabilities

A vulnerability in the `ClassLoaderProxy#fetchJar` method of the Remoting library allows an agent process to read arbitrary files from the Jenkins controller file system (CVE-2024-43044).

 

Vulnerability Patches

The following patched versions were made available with the latest update on 08/07/2024. Follow the instructions on the Referenced Sites to update to the latest patched version.

 

CVE-2024-43044

  • Jenkins version: 2.471
  • Jenkins version: 2.452.4 or 2.462.1

     

Referenced Sites

[1] CVE-2024-43044 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-43044

[2] Jenkins Security Advisory 2024-08-07

https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430

Article Link: Jenkins Product Security Update Advisory (CVE-2024-43044) – ASEC