2303466 – (CVE-2024-43044) CVE-2024-43044 jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE

Bug 2303466 (CVE-2024-43044) - CVE-2024-43044 jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE

Summary: CVE-2024-43044 jenkins: Arbitrary file read vulnerability through agent conne...

Keywords:
Status:	NEW
Alias:	CVE-2024-43044
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-08-07 14:20 UTC by OSIDB Bzimport
Modified:	2024-08-19 04:45 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:5405	None	None	None	2024-08-14 15:44:28 UTC
Red Hat Product Errata	RHSA-2024:5406	None	None	None	2024-08-14 16:11:19 UTC
Red Hat Product Errata	RHSA-2024:5410	None	None	None	2024-08-14 17:39:29 UTC
Red Hat Product Errata	RHSA-2024:5411	None	None	None	2024-08-14 17:39:10 UTC

Description OSIDB Bzimport 2024-08-07 14:20:52 UTC

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.

Comment 1 errata-xmlrpc 2024-08-14 15:44:27 UTC

This issue has been addressed in the following products:

  OCP-Tools-4.15-RHEL-8

Via RHSA-2024:5405 https://access.redhat.com/errata/RHSA-2024:5405

Comment 2 errata-xmlrpc 2024-08-14 16:11:18 UTC

This issue has been addressed in the following products:

  OCP-Tools-4.13-RHEL-8

Via RHSA-2024:5406 https://access.redhat.com/errata/RHSA-2024:5406

Comment 3 errata-xmlrpc 2024-08-14 17:39:09 UTC

This issue has been addressed in the following products:

  OCP-Tools-4.14-RHEL-8

Via RHSA-2024:5411 https://access.redhat.com/errata/RHSA-2024:5411

Comment 4 errata-xmlrpc 2024-08-14 17:39:28 UTC

This issue has been addressed in the following products:

  OCP-Tools-4.12-RHEL-8

Via RHSA-2024:5410 https://access.redhat.com/errata/RHSA-2024:5410

Note You need to log in before you can comment on or make changes to this bug.