High severity8.8NVD Advisory· Published Aug 7, 2024· Updated Jun 17, 2026
CVE-2024-43044
CVE-2024-43044
Description
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the ClassLoaderProxy#fetchJar method in the Remoting library.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:remotingMaven | < 3206.3208 | 3206.3208 |
org.jenkins-ci.main:remotingMaven | >= 3248, < 3248.3250 | 3248.3250 |
org.jenkins-ci.main:remotingMaven | >= 3256, < 3256.3258 | 3256.3258 |
org.jenkins-ci.main:jenkins-coreMaven | < 2.452.4 | 2.452.4 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.460, < 2.462.1 | 2.462.1 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.470, < 2.471 | 2.471 |
Affected products
11- osv-coords10 versionspkg:apk/chainguard/jenkinspkg:apk/chainguard/jenkins-2.462pkg:apk/chainguard/jenkins-compatpkg:apk/chainguard/jenkins-remotingpkg:apk/wolfi/jenkinspkg:apk/wolfi/jenkins-compatpkg:apk/wolfi/jenkins-remotingpkg:bitnami/jenkinspkg:maven/org.jenkins-ci.main/jenkins-corepkg:maven/org.jenkins-ci.main/remoting
< 2.472-r0+ 9 more
- (no CPE)range: < 2.472-r0
- (no CPE)range: < 2.462.3-r8
- (no CPE)range: < 2.472-r0
- (no CPE)range: < 2.472-r0
- (no CPE)range: < 2.472-r0
- (no CPE)range: < 2.472-r0
- (no CPE)range: < 2.472-r0
- (no CPE)range: < 2.462.1
- (no CPE)range: < 2.452.4
- (no CPE)range: < 3206.3208
- Range: 2.452.4
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-h856-ffvv-xvr4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-43044ghsaADVISORY
- www.jenkins.io/security/advisory/2024-08-07/nvdVendor AdvisoryWEB
- github.com/jenkinsci/jenkins/commit/3f54c41b40db9e4ae7afa4209bc1ea91bb9175c0ghsaWEB
- github.com/jenkinsci/jenkins/commit/5d26b53ad3a5cd8c4a060eef4f56d75e65ca17a5ghsaWEB
- github.com/jenkinsci/jenkins/commit/cec49ce5d58048f66ac3fa88409a0d38dec09bf0ghsaWEB
- github.com/jenkinsci/remoting/commit/3277a8e88c9b807b9a989bd7e9176d2ec9834e47ghsaWEB
- github.com/jenkinsci/remoting/commit/409508a675ffc4ed9681e30bb46c8d9cb375b78cghsaWEB
- github.com/jenkinsci/remoting/commit/858f3c9af69d4d216b26551ea51dde6e67479bb3ghsaWEB
News mentions
1- Jenkins Security Advisory 2024-08-07Jenkins Security Advisories · Aug 7, 2024