HIGH · CVSS 8.0
CVE-2024-43044 — Jenkins arbitrary file read via Agent connection
Arbitrary file read on the Jenkins controller via the Remoting protocol.
Affects
- Jenkins 2.470 and earlier, LTS 2.452.3 and earlier
What an attacker does
An attacker with Agent/connect permission reads any file on the Jenkins controller via a crafted Remoting message.
How to detect
Check the Jenkins version and audit agent permissions.
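One way to script both checks is sketched below. This is an added example, not code from Jenkins or Securie. The inventory layout, the hostnames and principals, and the helper names `classify`, `connect_holders` and `audit` are assumptions; the affected ceilings are the ones listed under "Affects".

```python
import re

# Affected ceilings as stated on this page.
WEEKLY_MAX = (2, 470)
LTS_MAX = (2, 452, 3)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def classify(version):
    """Return (release_line, affected) for a Jenkins version string.

    Two components (2.470) is a weekly release, three (2.452.3) is LTS.
    Anything else raises ValueError so odd builds get reviewed by hand.
    """
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Jenkins version: {version!r}")
    parts = tuple(int(p) for p in m.groups() if p is not None)
    if len(parts) == 3:
        return "lts", parts <= LTS_MAX
    return "weekly", parts <= WEEKLY_MAX


def connect_holders(grants, permission="Agent/Connect"):
    """List principals holding the given permission, case-insensitively."""
    wanted = permission.lower()
    return sorted(p for p, perms in grants.items()
                  if wanted in {x.lower() for x in perms})


def audit(controllers):
    """Combine both checks: affected version and who can connect as an agent."""
    report = []
    for name, info in sorted(controllers.items()):
        try:
            line, affected = classify(info["version"])
        except ValueError:
            line, affected = "unknown", None  # None = needs manual review
        report.append({"controller": name, "line": line, "affected": affected,
                       "agent_connect": connect_holders(info["grants"])})
    return report


# Constructed sample inventory (hostnames, principals and grants are made up).
SAMPLE = {
    "ci-weekly": {"version": "2.470", "grants": {"build-bot": ["Agent/Connect"], "dev": ["Job/Read"]}},
    "ci-lts-old": {"version": "2.452.3", "grants": {"authenticated": ["agent/connect", "Overall/Read"]}},
    "ci-lts-new": {"version": "2.462.1", "grants": {"agent-svc": ["Agent/Connect"]}},
    "ci-custom": {"version": "2.470-SNAPSHOT", "grants": {}},
}
```

Controllers reported with `affected` set to `True` and a non-empty `agent_connect` list are the ones to upgrade first; a value of `None` means the version string needs manual review.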
How to fix
Upgrade Jenkins and restrict Agent permissions.
How Securie catches CVE-2024-43044
Securie's static-rules detects the Jenkins version, and identity-gov scans agent permissions.