What is CVE-2024-43044?

CVE-2024-43044 is a vulnerability in Jenkins Project. Published 2024-08-07.

Is CVE-2024-43044 known to be exploited?

35 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Jenkins Project

CVE-2024-43044

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.

EPSS: 0.659 (98.5th percentile) — read the EPSS interpretation.

Affected products

Jenkins Project — versions 2.452.4, 2.462.1, 2.471

Public proof-of-concept exploits

convisolabs/CVE-2024-43044-jenkins
v9d0g/CVE-2024-43044-POC
HwMex0/CVE-2024-43044
jenkinsci-cert/SECURITY-3430
DACC4/CVE-2024-43044-jenkins-creds
Lern0n/Lernon-POC
Linxloop/fork_
Mr-xn/Penetration_
Ostorlab/KEV
Threekiii/CVE

References

Jenkins Security Advisory 2024-08-07 (vendor-advisory)

Frequently asked questions

What is CVE-2024-43044?: CVE-2024-43044 is a vulnerability in Jenkins Project. Published 2024-08-07.
Is CVE-2024-43044 known to be exploited?: 35 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.