22 matches found

RedHat Linux
added 2024/08/14 5:42 p.m., 7 views

jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE

A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxy#fetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...

CVSS 8.8 | AI score 5.9 | EPSS 0.28782
Exploits: 4 | References: 5

RedHat Linux
added 2024/08/14 4:14 p.m., 5 views

jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE

A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxy#fetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...

CVSS 8.8 | AI score 5.9 | EPSS 0.28782
Exploits: 4 | References: 5

vulnersOsv
added 2024/08/07 3:30 p.m., 8 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1705 more potentially affected by CVE-2024-43044 via org.jenkins-ci.main:remoting (>=1.396 <=3206.vb_15dcf73f6a_9)

org.jenkins-ci.main:remoting MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2024-43044 Source advisory: OSV:GHSA-H856-FFVV-XVR4...

CVSS 8.8 | AI score 6.9 | EPSS 0.28782
Exploits: 4

OSV
added 2024/08/07 3:30 p.m., 1 view

GHSA-H856-FFVV-XVR4 Jenkins Remoting library arbitrary file read vulnerability

Jenkins uses the Remoting library (typically agent.jar or remoting.jar) for the communication between controller and agents. This library allows agents to load classes and classloader resources from the controller, so that Java objects sent from the controller (build steps, etc.) can be executed on...

CVSS 9 | AI score 7.2 | EPSS 0.28782
Exploits: 4 | References: 9

Github Security Blog
added 2022/05/14 3:58 a.m., 16 views

Jenkins allows Execution of Code by Opening a JRMP Listener

The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener...

CVSS 10 | AI score 7.6 | EPSS 0.1184
Exploits: 2 | References: 6 | Affected Software: 1

OSV
added 2022/05/14 1:0 a.m., 1 view

GHSA-2X9H-H3C4-WQQH Improper Neutralization of Special Elements used in an LDAP Query in Jenkins

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...

CVSS 9.8 | AI score 7.6 | EPSS 0.96943
Exploits: 5 | References: 16

OpenVAS
added 2017/03/07 12:0 a.m., 29 views

Fedora Update for jenkins-remoting FEDORA-2016-93679a91df

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 9.6 | EPSS 0.96943
Exploits: 5 | References: 2

Tenable Nessus
added 2017/03/06 12:0 a.m., 39 views

Fedora 24 : jenkins / jenkins-remoting (2016-93679a91df)

Security fix for CVE-2016-9299. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

CVSS 9.8 | AI score 8.2 | EPSS 0.96943
Exploits: 5 | References: 2

Fedora
added 2017/03/05 8:50 p.m., 37 views

[SECURITY] Fedora 24 Update: jenkins-remoting-2.62.3-1.fc24

This package is primarily used by Jenkins for slave node management, but it could be potentially reused outside of this project...

CVSS 9.8 | AI score 2.3 | EPSS 0.96943
Exploits: 5

OpenVAS
added 2016/12/07 12:0 a.m., 28 views

Fedora Update for jenkins-remoting FEDORA-2016-368780879d

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 9.6 | EPSS 0.96943
Exploits: 5 | References: 2

Fedora
added 2016/12/01 3:57 p.m., 39 views

[SECURITY] Fedora 25 Update: jenkins-remoting-2.62.3-1.fc25

This package is primarily used by Jenkins for slave node management, but it could be potentially reused outside of this project...

CVSS 9.8 | AI score 2.3 | EPSS 0.96943
Exploits: 5

Tenable Nessus
added 2016/12/01 12:0 a.m., 52 views

Fedora 25 : jenkins / jenkins-remoting (2016-368780879d)

Security fix for CVE-2016-9299. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

CVSS 9.8 | AI score 8.2 | EPSS 0.96943
Exploits: 5 | References: 2

VulnCheck KEV
added 2016/11/16 12:0 a.m., 2 views

VulnCheck KEV: CVE-2016-9299

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...

CVSS 9.8 | AI score 7.7 | EPSS 0.96943
Exploits: 5 | References: 1

myhack58
added 2016/07/14 12:0 a.m., 20 views

Jenkins RCE 2 (CVE-2016-0788) analysis and use-vulnerability and early warning-the black bar safety net

Foreign security researchers Moritz Bechler in 2 months found a Jenkins remote command execution vulnerability the vulnerability without having to login you can use, that is, the CVE-2016-0788 is. The official announcement is such description of this vulnerability: A vulnerability in the...

AI score 0.5
Exploits: 0

OpenVAS
added 2016/06/08 12:0 a.m., 14 views

Fedora Update for jenkins-remoting FEDORA-2016-f3b40fcbc3

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.2 | EPSS 0.01721
Exploits: 0 | References: 2

Fedora
added 2016/05/17 3:23 p.m., 31 views

[SECURITY] Fedora 24 Update: jenkins-remoting-2.57-1.fc24

This package is primarily used by Jenkins for slave node management, but it could be potentially reused outside of this project...

CVSS 7.5 | AI score 2.3 | EPSS 0.01721
Exploits: 0

OpenVAS
added 2016/05/09 12:0 a.m., 24 views

Mageia: Security Advisory (MGASA-2016-0162)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9 | AI score 8.8 | EPSS 0.82697
Exploits: 23 | References: 5

OSV
added 2016/05/05 4:26 p.m., 10 views

MGASA-2016-0162 Updated jenkins-remoting packages fix CVE-2016-0792

Updated jenkins-remoting packages fix security vulnerability: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. SECURITY-247 ...

CVSS 9 | AI score 8.8 | EPSS 0.82697
Exploits: 23 | References: 4

OpenVAS
added 2016/03/18 12:0 a.m., 32 views

Fedora Update for jenkins-remoting FEDORA-2016-0

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 10 | AI score 7 | EPSS 0.82697
Exploits: 25 | References: 2

OpenVAS
added 2016/03/18 12:0 a.m., 28 views

Fedora Update for jenkins-remoting FEDORA-2016-641

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 10 | AI score 7 | EPSS 0.82697
Exploits: 25 | References: 2