Action not permitted
Modal body text goes here.
cve-2024-43044
Vulnerability from cvelistv5
Published
2024-08-07 13:27
Modified
2024-08-07 17:29
Severity ?
EPSS score ?
Summary
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Jenkins Project | Jenkins |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T17:28:25.431874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T17:29:40.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Jenkins",
"vendor": "Jenkins Project",
"versions": [
{
"lessThan": "2.452.*",
"status": "unaffected",
"version": "2.452.4",
"versionType": "maven"
},
{
"lessThan": "2.462.*",
"status": "unaffected",
"version": "2.462.1",
"versionType": "maven"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "2.471",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library."
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T13:27:11.438Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2024-08-07",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2024-43044",
"datePublished": "2024-08-07T13:27:11.438Z",
"dateReserved": "2024-08-05T12:46:38.501Z",
"dateUpdated": "2024-08-07T17:29:40.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-43044\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2024-08-07T14:15:33.000\",\"lastModified\":\"2024-08-16T17:19:30.643\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.\"},{\"lang\":\"es\",\"value\":\"Jenkins 2.470 y anteriores, LTS 2.452.3 y anteriores permiten que los procesos del agente lean archivos arbitrarios del sistema de archivos del controlador Jenkins mediante el m\u00e9todo `ClassLoaderProxy#fetchJar` en la librer\u00eda Remoting.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*\",\"versionEndExcluding\":\"2.452.4\",\"matchCriteriaId\":\"0041C764-EA61-4445-9696-65E22A678FD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"2.471\",\"matchCriteriaId\":\"1139DB12-D88F-4E0D-B22F-2A147B1EFD31\"}]}]}],\"references\":[{\"url\":\"https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
rhsa-2024_5405
Vulnerability from csaf_redhat
Published
2024-08-14 15:47
Modified
2024-11-06 06:41
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15.
Red Hat Product Security has rated this update as having a security impact of Critical.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE (CVE-2024-43044)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15.\nRed Hat Product Security has rated this update as having a security impact of Critical.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE (CVE-2024-43044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:5405",
"url": "https://access.redhat.com/errata/RHSA-2024:5405"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "2303466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303466"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5405.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2024-11-06T06:41:43+00:00",
"generator": {
"date": "2024-11-06T06:41:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:5405",
"initial_release_date": "2024-08-14T15:47:29+00:00",
"revision_history": [
{
"date": "2024-08-14T15:47:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-08-14T15:47:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-06T06:41:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.15",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.15::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.462.1.1723440104-3.el8.src",
"product": {
"name": "jenkins-0:2.462.1.1723440104-3.el8.src",
"product_id": "jenkins-0:2.462.1.1723440104-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.462.1.1723440104-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.15.1723440333-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.15.1723440333-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.15.1723440333-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1723440333-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.462.1.1723440104-3.el8.noarch",
"product": {
"name": "jenkins-0:2.462.1.1723440104-3.el8.noarch",
"product_id": "jenkins-0:2.462.1.1723440104-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.462.1.1723440104-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.15.1723440333-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.15.1723440333-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.15.1723440333-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1723440333-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.462.1.1723440104-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.462.1.1723440104-3.el8.noarch"
},
"product_reference": "jenkins-0:2.462.1.1723440104-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.462.1.1723440104-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.462.1.1723440104-3.el8.src"
},
"product_reference": "jenkins-0:2.462.1.1723440104-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.15.1723440333-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1723440333-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.15.1723440333-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.15.1723440333-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1723440333-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.15.1723440333-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-43044",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-08-07T14:20:25.491155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2303466"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxy#fetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller\u0027s file system due to insufficient path restrictions permissions, which could lead to Privilege Escalation and Remote Code Execution (RCE)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as critical because it could allow remote code execution (RCE). Additionally, this vulnerability may enable an attacker to read arbitrary files from the Jenkins controller, resulting in a significant exposure of confidential information, compromising the overall integrity of the Jenkins instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.15:jenkins-0:2.462.1.1723440104-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.462.1.1723440104-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1723440333-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1723440333-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43044"
},
{
"category": "external",
"summary": "RHBZ#2303466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303466"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43044"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430",
"url": "https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430"
}
],
"release_date": "2024-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-08-14T15:47:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.462.1.1723440104-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.462.1.1723440104-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1723440333-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1723440333-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:5405"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.462.1.1723440104-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.462.1.1723440104-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1723440333-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1723440333-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.15:jenkins-0:2.462.1.1723440104-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.462.1.1723440104-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1723440333-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1723440333-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE"
}
]
}
rhsa-2024_5410
Vulnerability from csaf_redhat
Published
2024-08-14 17:42
Modified
2024-11-06 06:41
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12.
Red Hat Product Security has rated this update as having a security impact of Critical.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE (CVE-2024-43044)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12.\nRed Hat Product Security has rated this update as having a security impact of Critical.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE (CVE-2024-43044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:5410",
"url": "https://access.redhat.com/errata/RHSA-2024:5410"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "2303466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303466"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5410.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2024-11-06T06:41:13+00:00",
"generator": {
"date": "2024-11-06T06:41:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:5410",
"initial_release_date": "2024-08-14T17:42:05+00:00",
"revision_history": [
{
"date": "2024-08-14T17:42:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-08-14T17:42:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-06T06:41:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.462.1.1723550696-3.el8.src",
"product": {
"name": "jenkins-0:2.462.1.1723550696-3.el8.src",
"product_id": "jenkins-0:2.462.1.1723550696-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.462.1.1723550696-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1723550778-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.12.1723550778-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.12.1723550778-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1723550778-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.462.1.1723550696-3.el8.noarch",
"product": {
"name": "jenkins-0:2.462.1.1723550696-3.el8.noarch",
"product_id": "jenkins-0:2.462.1.1723550696-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.462.1.1723550696-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1723550778-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.12.1723550778-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.12.1723550778-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1723550778-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.462.1.1723550696-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.462.1.1723550696-3.el8.noarch"
},
"product_reference": "jenkins-0:2.462.1.1723550696-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.462.1.1723550696-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.462.1.1723550696-3.el8.src"
},
"product_reference": "jenkins-0:2.462.1.1723550696-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1723550778-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1723550778-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.12.1723550778-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1723550778-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1723550778-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.12.1723550778-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-43044",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-08-07T14:20:25.491155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2303466"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxy#fetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller\u0027s file system due to insufficient path restrictions permissions, which could lead to Privilege Escalation and Remote Code Execution (RCE)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as critical because it could allow remote code execution (RCE). Additionally, this vulnerability may enable an attacker to read arbitrary files from the Jenkins controller, resulting in a significant exposure of confidential information, compromising the overall integrity of the Jenkins instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.462.1.1723550696-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.462.1.1723550696-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1723550778-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1723550778-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43044"
},
{
"category": "external",
"summary": "RHBZ#2303466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303466"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43044"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430",
"url": "https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430"
}
],
"release_date": "2024-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-08-14T17:42:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.462.1.1723550696-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.462.1.1723550696-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1723550778-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1723550778-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:5410"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.462.1.1723550696-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.462.1.1723550696-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1723550778-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1723550778-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.462.1.1723550696-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.462.1.1723550696-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1723550778-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1723550778-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE"
}
]
}
rhsa-2024_5411
Vulnerability from csaf_redhat
Published
2024-08-14 17:42
Modified
2024-11-06 06:41
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14.
Red Hat Product Security has rated this update as having a security impact of critical.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,
is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: Arbitrary file read vulnerability through agent connections can lead
to RCE (CVE-2024-43044)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14.\nRed Hat Product Security has rated this update as having a security impact of critical.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,\nis available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: Arbitrary file read vulnerability through agent connections can lead\nto RCE (CVE-2024-43044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:5411",
"url": "https://access.redhat.com/errata/RHSA-2024:5411"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "2136374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136374"
},
{
"category": "external",
"summary": "2136386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136386"
},
{
"category": "external",
"summary": "2136388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136388"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2303466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303466"
},
{
"category": "external",
"summary": "JKNS-271",
"url": "https://issues.redhat.com/browse/JKNS-271"
},
{
"category": "external",
"summary": "JKNS-289",
"url": "https://issues.redhat.com/browse/JKNS-289"
},
{
"category": "external",
"summary": "JKNS-337",
"url": "https://issues.redhat.com/browse/JKNS-337"
},
{
"category": "external",
"summary": "JKNS-344",
"url": "https://issues.redhat.com/browse/JKNS-344"
},
{
"category": "external",
"summary": "JKNS-345",
"url": "https://issues.redhat.com/browse/JKNS-345"
},
{
"category": "external",
"summary": "JKNS-397",
"url": "https://issues.redhat.com/browse/JKNS-397"
},
{
"category": "external",
"summary": "JKNS-398",
"url": "https://issues.redhat.com/browse/JKNS-398"
},
{
"category": "external",
"summary": "OCPBUGS-11158",
"url": "https://issues.redhat.com/browse/OCPBUGS-11158"
},
{
"category": "external",
"summary": "OCPBUGS-11253",
"url": "https://issues.redhat.com/browse/OCPBUGS-11253"
},
{
"category": "external",
"summary": "OCPBUGS-11254",
"url": "https://issues.redhat.com/browse/OCPBUGS-11254"
},
{
"category": "external",
"summary": "OCPBUGS-11446",
"url": "https://issues.redhat.com/browse/OCPBUGS-11446"
},
{
"category": "external",
"summary": "OCPBUGS-1357",
"url": "https://issues.redhat.com/browse/OCPBUGS-1357"
},
{
"category": "external",
"summary": "OCPBUGS-13869",
"url": "https://issues.redhat.com/browse/OCPBUGS-13869"
},
{
"category": "external",
"summary": "OCPBUGS-14111",
"url": "https://issues.redhat.com/browse/OCPBUGS-14111"
},
{
"category": "external",
"summary": "OCPBUGS-14609",
"url": "https://issues.redhat.com/browse/OCPBUGS-14609"
},
{
"category": "external",
"summary": "OCPBUGS-15646",
"url": "https://issues.redhat.com/browse/OCPBUGS-15646"
},
{
"category": "external",
"summary": "OCPBUGS-15902",
"url": "https://issues.redhat.com/browse/OCPBUGS-15902"
},
{
"category": "external",
"summary": "OCPBUGS-1709",
"url": "https://issues.redhat.com/browse/OCPBUGS-1709"
},
{
"category": "external",
"summary": "OCPBUGS-1942",
"url": "https://issues.redhat.com/browse/OCPBUGS-1942"
},
{
"category": "external",
"summary": "OCPBUGS-2099",
"url": "https://issues.redhat.com/browse/OCPBUGS-2099"
},
{
"category": "external",
"summary": "OCPBUGS-2184",
"url": "https://issues.redhat.com/browse/OCPBUGS-2184"
},
{
"category": "external",
"summary": "OCPBUGS-2318",
"url": "https://issues.redhat.com/browse/OCPBUGS-2318"
},
{
"category": "external",
"summary": "OCPBUGS-23438",
"url": "https://issues.redhat.com/browse/OCPBUGS-23438"
},
{
"category": "external",
"summary": "OCPBUGS-27388",
"url": "https://issues.redhat.com/browse/OCPBUGS-27388"
},
{
"category": "external",
"summary": "OCPBUGS-28961",
"url": "https://issues.redhat.com/browse/OCPBUGS-28961"
},
{
"category": "external",
"summary": "OCPBUGS-655",
"url": "https://issues.redhat.com/browse/OCPBUGS-655"
},
{
"category": "external",
"summary": "OCPBUGS-6579",
"url": "https://issues.redhat.com/browse/OCPBUGS-6579"
},
{
"category": "external",
"summary": "OCPBUGS-6870",
"url": "https://issues.redhat.com/browse/OCPBUGS-6870"
},
{
"category": "external",
"summary": "OCPBUGS-710",
"url": "https://issues.redhat.com/browse/OCPBUGS-710"
},
{
"category": "external",
"summary": "OCPBUGS-8377",
"url": "https://issues.redhat.com/browse/OCPBUGS-8377"
},
{
"category": "external",
"summary": "OCPBUGS-8442",
"url": "https://issues.redhat.com/browse/OCPBUGS-8442"
},
{
"category": "external",
"summary": "OCPTOOLS-244",
"url": "https://issues.redhat.com/browse/OCPTOOLS-244"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5411.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2024-11-06T06:41:22+00:00",
"generator": {
"date": "2024-11-06T06:41:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:5411",
"initial_release_date": "2024-08-14T17:42:14+00:00",
"revision_history": [
{
"date": "2024-08-14T17:42:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-08-14T17:42:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-06T06:41:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.14::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.462.1.1723225151-3.el8.src",
"product": {
"name": "jenkins-0:2.462.1.1723225151-3.el8.src",
"product_id": "jenkins-0:2.462.1.1723225151-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.462.1.1723225151-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1723225212-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.14.1723225212-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.14.1723225212-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1723225212-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.462.1.1723225151-3.el8.noarch",
"product": {
"name": "jenkins-0:2.462.1.1723225151-3.el8.noarch",
"product_id": "jenkins-0:2.462.1.1723225151-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.462.1.1723225151-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1723225212-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.14.1723225212-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.14.1723225212-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1723225212-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.462.1.1723225151-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.462.1.1723225151-3.el8.noarch"
},
"product_reference": "jenkins-0:2.462.1.1723225151-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.462.1.1723225151-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.462.1.1723225151-3.el8.src"
},
"product_reference": "jenkins-0:2.462.1.1723225151-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1723225212-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1723225212-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.14.1723225212-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1723225212-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1723225212-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.14.1723225212-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-43044",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-08-07T14:20:25.491155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2303466"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxy#fetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller\u0027s file system due to insufficient path restrictions permissions, which could lead to Privilege Escalation and Remote Code Execution (RCE)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as critical because it could allow remote code execution (RCE). Additionally, this vulnerability may enable an attacker to read arbitrary files from the Jenkins controller, resulting in a significant exposure of confidential information, compromising the overall integrity of the Jenkins instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.462.1.1723225151-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.462.1.1723225151-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1723225212-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1723225212-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43044"
},
{
"category": "external",
"summary": "RHBZ#2303466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303466"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43044"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430",
"url": "https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430"
}
],
"release_date": "2024-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-08-14T17:42:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.462.1.1723225151-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.462.1.1723225151-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1723225212-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1723225212-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:5411"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.462.1.1723225151-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.462.1.1723225151-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1723225212-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1723225212-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.462.1.1723225151-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.462.1.1723225151-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1723225212-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1723225212-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE"
}
]
}
rhsa-2024_5406
Vulnerability from csaf_redhat
Published
2024-08-14 16:14
Modified
2024-11-06 06:41
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13.
Red Hat Product Security has rated this update as having a security impact of critical.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,
is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE (CVE-2024-43044)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13.\nRed Hat Product Security has rated this update as having a security impact of critical.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,\nis available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE (CVE-2024-43044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:5406",
"url": "https://access.redhat.com/errata/RHSA-2024:5406"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "2136374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136374"
},
{
"category": "external",
"summary": "2136386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136386"
},
{
"category": "external",
"summary": "2136388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136388"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2303466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303466"
},
{
"category": "external",
"summary": "JKNS-271",
"url": "https://issues.redhat.com/browse/JKNS-271"
},
{
"category": "external",
"summary": "JKNS-289",
"url": "https://issues.redhat.com/browse/JKNS-289"
},
{
"category": "external",
"summary": "JKNS-397",
"url": "https://issues.redhat.com/browse/JKNS-397"
},
{
"category": "external",
"summary": "JKNS-398",
"url": "https://issues.redhat.com/browse/JKNS-398"
},
{
"category": "external",
"summary": "OCPBUGS-10934",
"url": "https://issues.redhat.com/browse/OCPBUGS-10934"
},
{
"category": "external",
"summary": "OCPBUGS-11158",
"url": "https://issues.redhat.com/browse/OCPBUGS-11158"
},
{
"category": "external",
"summary": "OCPBUGS-11329",
"url": "https://issues.redhat.com/browse/OCPBUGS-11329"
},
{
"category": "external",
"summary": "OCPBUGS-11446",
"url": "https://issues.redhat.com/browse/OCPBUGS-11446"
},
{
"category": "external",
"summary": "OCPBUGS-11452",
"url": "https://issues.redhat.com/browse/OCPBUGS-11452"
},
{
"category": "external",
"summary": "OCPBUGS-1357",
"url": "https://issues.redhat.com/browse/OCPBUGS-1357"
},
{
"category": "external",
"summary": "OCPBUGS-13651",
"url": "https://issues.redhat.com/browse/OCPBUGS-13651"
},
{
"category": "external",
"summary": "OCPBUGS-13870",
"url": "https://issues.redhat.com/browse/OCPBUGS-13870"
},
{
"category": "external",
"summary": "OCPBUGS-14112",
"url": "https://issues.redhat.com/browse/OCPBUGS-14112"
},
{
"category": "external",
"summary": "OCPBUGS-14311",
"url": "https://issues.redhat.com/browse/OCPBUGS-14311"
},
{
"category": "external",
"summary": "OCPBUGS-14634",
"url": "https://issues.redhat.com/browse/OCPBUGS-14634"
},
{
"category": "external",
"summary": "OCPBUGS-15647",
"url": "https://issues.redhat.com/browse/OCPBUGS-15647"
},
{
"category": "external",
"summary": "OCPBUGS-15986",
"url": "https://issues.redhat.com/browse/OCPBUGS-15986"
},
{
"category": "external",
"summary": "OCPBUGS-1709",
"url": "https://issues.redhat.com/browse/OCPBUGS-1709"
},
{
"category": "external",
"summary": "OCPBUGS-1942",
"url": "https://issues.redhat.com/browse/OCPBUGS-1942"
},
{
"category": "external",
"summary": "OCPBUGS-2099",
"url": "https://issues.redhat.com/browse/OCPBUGS-2099"
},
{
"category": "external",
"summary": "OCPBUGS-2184",
"url": "https://issues.redhat.com/browse/OCPBUGS-2184"
},
{
"category": "external",
"summary": "OCPBUGS-2318",
"url": "https://issues.redhat.com/browse/OCPBUGS-2318"
},
{
"category": "external",
"summary": "OCPBUGS-27389",
"url": "https://issues.redhat.com/browse/OCPBUGS-27389"
},
{
"category": "external",
"summary": "OCPBUGS-28962",
"url": "https://issues.redhat.com/browse/OCPBUGS-28962"
},
{
"category": "external",
"summary": "OCPBUGS-655",
"url": "https://issues.redhat.com/browse/OCPBUGS-655"
},
{
"category": "external",
"summary": "OCPBUGS-6579",
"url": "https://issues.redhat.com/browse/OCPBUGS-6579"
},
{
"category": "external",
"summary": "OCPBUGS-6870",
"url": "https://issues.redhat.com/browse/OCPBUGS-6870"
},
{
"category": "external",
"summary": "OCPBUGS-710",
"url": "https://issues.redhat.com/browse/OCPBUGS-710"
},
{
"category": "external",
"summary": "OCPBUGS-8377",
"url": "https://issues.redhat.com/browse/OCPBUGS-8377"
},
{
"category": "external",
"summary": "OCPBUGS-8442",
"url": "https://issues.redhat.com/browse/OCPBUGS-8442"
},
{
"category": "external",
"summary": "OCPTOOLS-245",
"url": "https://issues.redhat.com/browse/OCPTOOLS-245"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5406.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2024-11-06T06:41:33+00:00",
"generator": {
"date": "2024-11-06T06:41:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:5406",
"initial_release_date": "2024-08-14T16:14:19+00:00",
"revision_history": [
{
"date": "2024-08-14T16:14:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-08-14T16:14:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-06T06:41:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.13::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Jenkins"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.462.1.1723445923-3.el8.src",
"product": {
"name": "jenkins-0:2.462.1.1723445923-3.el8.src",
"product_id": "jenkins-0:2.462.1.1723445923-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.462.1.1723445923-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1723446018-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.13.1723446018-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.13.1723446018-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1723446018-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.462.1.1723445923-3.el8.noarch",
"product": {
"name": "jenkins-0:2.462.1.1723445923-3.el8.noarch",
"product_id": "jenkins-0:2.462.1.1723445923-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.462.1.1723445923-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1723446018-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.13.1723446018-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.13.1723446018-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1723446018-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.462.1.1723445923-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.462.1.1723445923-3.el8.noarch"
},
"product_reference": "jenkins-0:2.462.1.1723445923-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.462.1.1723445923-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.462.1.1723445923-3.el8.src"
},
"product_reference": "jenkins-0:2.462.1.1723445923-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1723446018-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1723446018-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.13.1723446018-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1723446018-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1723446018-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.13.1723446018-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-43044",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-08-07T14:20:25.491155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2303466"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxy#fetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller\u0027s file system due to insufficient path restrictions permissions, which could lead to Privilege Escalation and Remote Code Execution (RCE)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as critical because it could allow remote code execution (RCE). Additionally, this vulnerability may enable an attacker to read arbitrary files from the Jenkins controller, resulting in a significant exposure of confidential information, compromising the overall integrity of the Jenkins instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.462.1.1723445923-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.462.1.1723445923-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1723446018-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1723446018-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43044"
},
{
"category": "external",
"summary": "RHBZ#2303466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303466"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43044"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430",
"url": "https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430"
}
],
"release_date": "2024-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-08-14T16:14:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.462.1.1723445923-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.462.1.1723445923-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1723446018-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1723446018-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:5406"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.462.1.1723445923-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.462.1.1723445923-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1723446018-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1723446018-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.462.1.1723445923-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.462.1.1723445923-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1723446018-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1723446018-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE"
}
]
}
ghsa-h856-ffvv-xvr4
Vulnerability from github
Published
2024-08-07 15:30
Modified
2024-08-16 18:33
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
Summary
Jenkins Remoting library arbitrary file read vulnerability
Details
Jenkins uses the Remoting library (typically agent.jar or remoting.jar) for the communication between controller and agents. This library allows agents to load classes and classloader resources from the controller, so that Java objects sent from the controller (build steps, etc.) can be executed on agents.
In addition to individual class and resource files, Remoting also allows Jenkins plugins to transmit entire jar files to agents using the Channel#preloadJar API. As of publication of this advisory, this feature is used by the following plugins distributed by the Jenkins project: bouncycastle API, Groovy, Ivy, TeamConcert
In Remoting 3256.v88a_f6e922152 and earlier, except 3206.3208.v409508a_675ff and 3248.3250.v3277a_8e88c9b_, included in Jenkins 2.470 and earlier, LTS 2.452.3 and earlier, calls to Channel#preloadJar result in the retrieval of files from the controller by the agent using ClassLoaderProxy#fetchJar. Additionally, the implementation of ClassLoaderProxy#fetchJar invoked on the controller does not restrict paths that agents could request to read from the controller file system.
This allows agent processes, code running on agents, and attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller file system.
The Remoting library in Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 now sends jar file contents with Channel#preloadJar requests, the only use case of ClassLoaderProxy#fetchJar in agents, so that agents do not need to request jar file contents from controllers anymore.
To retain compatibility with older versions of Remoting in combination with the plugins listed above, ClassLoaderProxy#fetchJar is retained and otherwise unused, just deprecated. Its implementation in Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 was changed so that it is now limited to retrieving jar files referenced in the core classloader or any plugin classloader.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:remoting"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3206.3208"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:remoting"
},
"ranges": [
{
"events": [
{
"introduced": "3248"
},
{
"fixed": "3248.3250"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:remoting"
},
"ranges": [
{
"events": [
{
"introduced": "3256"
},
{
"fixed": "3256.3258"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.452.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.460"
},
{
"fixed": "2.462.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.470"
},
{
"fixed": "2.471"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-43044"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-754"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-07T18:12:59Z",
"nvd_published_at": "2024-08-07T14:15:33Z",
"severity": "CRITICAL"
},
"details": "Jenkins uses the Remoting library (typically `agent.jar` or `remoting.jar`) for the communication between controller and agents. This library allows agents to load classes and classloader resources from the controller, so that Java objects sent from the controller (build steps, etc.) can be executed on agents.\n\nIn addition to individual class and resource files, Remoting also allows Jenkins plugins to transmit entire jar files to agents using the `Channel#preloadJar` API. As of publication of this advisory, this feature is used by the following plugins distributed by the Jenkins project: bouncycastle API, Groovy, Ivy, TeamConcert\n\nIn Remoting 3256.v88a_f6e922152 and earlier, except 3206.3208.v409508a_675ff and 3248.3250.v3277a_8e88c9b_, included in Jenkins 2.470 and earlier, LTS 2.452.3 and earlier, calls to `Channel#preloadJar` result in the retrieval of files from the controller by the agent using `ClassLoaderProxy#fetchJar`. Additionally, the implementation of `ClassLoaderProxy#fetchJar` invoked on the controller does not restrict paths that agents could request to read from the controller file system.\n\nThis allows agent processes, code running on agents, and attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller file system.\n\nThe Remoting library in Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 now sends jar file contents with `Channel#preloadJar` requests, the only use case of `ClassLoaderProxy#fetchJar` in agents, so that agents do not need to request jar file contents from controllers anymore.\n\nTo retain compatibility with older versions of Remoting in combination with the plugins listed above, `ClassLoaderProxy#fetchJar` is retained and otherwise unused, just deprecated. Its implementation in Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 was changed so that it is now limited to retrieving jar files referenced in the core classloader or any plugin classloader.",
"id": "GHSA-h856-ffvv-xvr4",
"modified": "2024-08-16T18:33:07Z",
"published": "2024-08-07T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43044"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/jenkins/commit/3f54c41b40db9e4ae7afa4209bc1ea91bb9175c0"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/jenkins/commit/5d26b53ad3a5cd8c4a060eef4f56d75e65ca17a5"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/jenkins/commit/cec49ce5d58048f66ac3fa88409a0d38dec09bf0"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/remoting/commit/3277a8e88c9b807b9a989bd7e9176d2ec9834e47"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/remoting/commit/409508a675ffc4ed9681e30bb46c8d9cb375b78c"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/remoting/commit/858f3c9af69d4d216b26551ea51dde6e67479bb3"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/remoting"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Jenkins Remoting library arbitrary file read vulnerability"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.