5 matches found
jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE
A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxyfetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...
jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE
A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxyfetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...
CVE-2024-43044
A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxyfetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...
GHSA-H856-FFVV-XVR4 Jenkins Remoting library arbitrary file read vulnerability
Jenkins uses the Remoting library typically agent.jar or remoting.jar for the communication between controller and agents. This library allows agents to load classes and classloader resources from the controller, so that Java objects sent from the controller build steps, etc. can be executed on...
PT-2024-5496 · Jenkins +2 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.470 and earlier, LTS versions 2.452.3 and earlier Description: A critical issue in Jenkins allows agent processes to read arbitrary files from the Jenkins controller file system by using the ClassLoaderProxyfetchJar method ...