Wiz
Vulnerability DatabaseCVE-2024-43044

CVE-2024-43044
Java vulnerability analysis and mitigation

Overview

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier contains a critical vulnerability (CVE-2024-43044) in the Remoting library that allows agent processes to read arbitrary files from the Jenkins controller file system. The vulnerability specifically affects the ClassLoaderProxy#fetchJar method, which is used for communication between controller and agents (Jenkins Advisory).

Technical details

The vulnerability exists in the Remoting library (typically agent.jar or remoting.jar) versions 3256.v88a_f6e922152 and earlier, with some exceptions. The issue occurs when Channel#preloadJar API calls result in file retrieval from the controller using ClassLoaderProxy#fetchJar. The implementation does not properly restrict the paths that agents can request from the controller file system. The vulnerability has a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

Impact

This vulnerability allows agent processes, code running on agents, and attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller file system. The impact is considered critical as the information obtained can be used to escalate privileges up to and including remote code execution (RCE). Unlike previous similar vulnerabilities, there are no limitations on reading binary data with specific character encodings (Jenkins Advisory).

Mitigation and workarounds

The vulnerability is fixed in Jenkins 2.471, LTS 2.452.4, and LTS 2.462.1. The fix modifies the Remoting library to send jar file contents with Channel#preloadJar requests directly, eliminating the need for agents to request jar file contents from controllers. For administrators unable to update immediately, a workaround is available on GitHub that disables the affected Channel#preloadJar functionality. Additionally, administrators can set the Java system property jenkins.security.s2m.JarURLValidatorImpl.REJECT_ALL on the controller to true to prohibit jar requests entirely, though this may affect certain plugin functionalities (Jenkins Advisory).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo