jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE

A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxyfetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...

jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE

A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxyfetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...

CVE-2024-43044

A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxyfetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...

PT-2024-5496 · Jenkins +2 · Jenkins +2

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.470 and earlier, LTS versions 2.452.3 and earlier Description: A critical issue in Jenkins allows agent processes to read arbitrary files from the Jenkins controller file system by using the ClassLoaderProxyfetchJar method ...