A critical vulnerability in Jenkins allows agent processes to read arbitrary files from the Jenkins controller file system. This flaw could be exploited to achieve remote code execution, putting the entire Jenkins environment and the sensitive data within it at risk.
| Product | Jenkins |
| Date | 2024-08-09 09:53:57 |
Technical Summary
Jenkins 2.470 and earlier, as well as LTS 2.452.3 and earlier, contain a vulnerability identified as CVE-2024-43044, which allows agent processes to read arbitrary files from the Jenkins controller file system. This vulnerability can potentially lead to remote code execution. Attackers can exploit this flaw to gain unauthorized access to sensitive information, execute malicious commands, or obtain higher privileges on the Jenkins controller. This could compromise the entire Jenkins environment, allowing attackers to take control of the system, disrupt operations, or further infiltrate the network.
[Callforaction-THREAT-Footer]
