Vulnerability in Jenkins Project Script Security Plugin

CVE-2024-34144

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the…

EPSS: 0.564 (98.2th percentile)

Frequently asked questions

What is CVE-2024-34144?
CVE-2024-34144 is a vulnerability in Jenkins Project Script Security Plugin. Published 2024-05-02.
Is CVE-2024-34144 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.