CVERadar

CVE-2024-43044

Severity (SOCRadar rating): Critical
Product: Jenkins
SVRS: 85/100
CVSSv3: 8.8/10
EPSS: 0.42059 (probability, 0 to 1)

CVE-2024-43044 is a vulnerability in Jenkins that lets an agent process read arbitrary files from the controller's file system. Jenkins weekly 2.470 and earlier and LTS 2.452.3 and earlier are affected. The controller exposes its class loader to agents through the Remoting library, and the ClassLoaderProxy#fetchJar method opens the URL an agent asks for and returns its contents; because that URL was not checked against the jars the controller actually serves, a malicious or compromised agent can request controller files (for example with a file:// URL) instead of jar files. SOCRadar's Vulnerability Risk Score (SVRS) of 85 rates the issue critical; the CVSS v3.1 base score of 8.8 is High on the CVSS qualitative scale, and its PR:L component reflects that the attacker must already be able to run or connect an agent. Public proof-of-concept exploits exist (see the Exploits list below), and the files an agent can read include controller configuration and stored credentials, which public analyses have chained into code execution on the controller. Patching the controller is a top priority.

Tags: In The Wild, Exploit Available, Vendor advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: 2024-08-07 (Jenkins advisory date). Last updated: 2025-03-14.
SOCRadar AI Insight

Description:

CVE-2024-43044 is a vulnerability in Jenkins, the widely used open-source automation server. It allows a process running as a Jenkins agent to read arbitrary files from the controller's file system, which exposes sensitive data and, through the secrets and credentials stored there, can be escalated to remote code execution on the controller. The SVRS of 85 rates the issue critical, and the published exploits together with its "In The Wild" status warrant immediate attention.

Key Insights:

  • Controller file read from an agent: an attacker who controls an agent process (a compromised agent host, or stolen inbound-agent credentials) can request any file the controller process can read, including $JENKINS_HOME configuration, stored credentials and secrets, and source code checked out on the controller.
  • Potential data breach: the exposed files may contain confidential information such as customer data, financial records, or intellectual property, and the credentials stored on the controller typically unlock further systems (source repositories, cloud accounts, deployment targets).
  • Remote code execution: the controller's secrets and credential stores are among the readable files, and public analyses (see the Conviso write-up linked under Social Media) chain that read into administrative access to the controller; an administrator can then execute arbitrary code on it, for example through the script console or build definitions.
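The pattern behind the bug, written out as an added example in Python (this is an illustrative model, not Remoting's Java code, and the class and file names are constructed): a controller-side proxy that opens whatever URL the agent sends, beside a version that serves only the jars the controller advertised. The secret file and jar are stand-ins created in a temporary directory so the block runs offline; the hardening shown (an exact-URL allowlist of advertised jars) is one sound way to close the hole and is not a claim about how the Remoting fix is implemented.

```python
"""Illustrative model of the CVE-2024-43044 bug class (added example, not Remoting code).

A controller exports a class-loader proxy to its agents. An agent may call
fetchJar(url) to pull a jar it needs. If the controller opens the URL without
checking it against what it actually advertised, the agent can ask for
file:///... paths on the controller instead.
"""
import tempfile
from pathlib import Path
from urllib.parse import urlparse
from urllib.request import urlopen


class VulnerableClassLoaderProxy:
    """Controller side, unchecked: opens whatever URL the agent hands over."""

    def fetch_jar(self, url: str) -> bytes:
        with urlopen(url) as fh:  # file:// URLs are honoured, so any readable controller file leaks
            return fh.read()


class HardenedClassLoaderProxy:
    """Controller side, checked: serves only jars it advertised to this agent."""

    def __init__(self, advertised_jars: dict):
        # url -> on-disk jar that the controller's own class loader uses (constructed mapping)
        self._advertised = dict(advertised_jars)

    def fetch_jar(self, url: str) -> bytes:
        if urlparse(url).scheme != "file":
            raise PermissionError(f"refusing non-file jar URL: {url}")
        jar = self._advertised.get(url)
        if jar is None:
            raise PermissionError(f"jar was never advertised to this agent: {url}")
        return jar.read_bytes()


def simulate_agent_requests() -> dict:
    """Build a throwaway 'controller' on disk and replay both proxies against a malicious agent."""
    home = Path(tempfile.mkdtemp(prefix="jenkins_home_"))
    jar = home / "war" / "WEB-INF" / "lib" / "plugin-util.jar"  # constructed stand-in for a served jar
    jar.parent.mkdir(parents=True)
    jar.write_bytes(b"PK\x03\x04 fake jar contents")
    secret = home / "secrets" / "master.key"  # constructed stand-in for a controller secret
    secret.parent.mkdir(parents=True)
    secret.write_text("deadbeef" * 4)

    jar_url = jar.as_uri()        # what a well-behaved agent asks for
    secret_url = secret.as_uri()  # what a malicious agent sends instead

    vulnerable = VulnerableClassLoaderProxy()
    hardened = HardenedClassLoaderProxy({jar_url: jar})

    result = {
        "vulnerable_serves_jar": vulnerable.fetch_jar(jar_url) == jar.read_bytes(),
        "vulnerable_leaks_secret": vulnerable.fetch_jar(secret_url) == secret.read_bytes(),
        "hardened_serves_jar": hardened.fetch_jar(jar_url) == jar.read_bytes(),
        "hardened_blocks_secret": False,
    }
    try:
        hardened.fetch_jar(secret_url)
    except PermissionError:
        result["hardened_blocks_secret"] = True
    return result


if __name__ == "__main__":
    for name, outcome in simulate_agent_requests().items():
        print(f"{name}: {outcome}")
```

The point the model makes is that the agent is the less-trusted party in this exchange: any request that names a resource on the controller has to be validated against what the controller chose to expose, not against the request's shape.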

Mitigation Strategies:

  • Update Jenkins: upgrade the controller to weekly 2.471 or later, or to LTS 2.452.4 or LTS 2.462.1 or later; these are the releases that carry the fix for SECURITY-3430, shipped in the Remoting library bundled with Jenkins. Fixes are not backported to older LTS lines, so a controller on an LTS line before 2.452 must move to a supported line.
  • Restrict who can run agents: the attacker must already control an agent process, so treat agent hosts as less trusted than the controller, limit who may connect agents (inbound agent secrets and the Agent/Connect permission), and rotate agent secrets if an agent host is suspected of compromise.
  • Monitor logs: review controller logs for unexpected agent connections and for agents appearing from unfamiliar hosts. The file read itself travels inside the Remoting channel and does not appear as an HTTP request, so web access logs alone will not show it.
  • Do not rely on a web application firewall: the malicious fetchJar call is a Remoting message over the agent's connection (inbound TCP, SSH, or WebSocket), not an ordinary HTTP request to the web UI, so request filtering does not block it. Patching and agent access control are the effective controls.
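A version check that a practitioner can run across an estate, added here as an example (not SOCRadar or Jenkins project code). It encodes the fixed releases from the Jenkins advisory (weekly 2.471, LTS 2.452.4, LTS 2.462.1), distinguishes weekly version strings (two components) from LTS ones (three), and reads the version from the X-Jenkins response header that a controller returns. The SAMPLE_HEADERS dictionary is constructed, not captured from a real host; check_controller is the only function that touches the network.

```python
"""Added example: is a Jenkins controller version affected by CVE-2024-43044?

Fixed releases per the Jenkins advisory for SECURITY-3430: weekly 2.471,
LTS 2.452.4 and LTS 2.462.1. Weekly versions have two components (2.470);
LTS versions have three (2.452.3). LTS lines older than 2.452 received no
fix; LTS lines based on weekly 2.471 or later are built on fixed code.
"""
import re
from typing import Optional
from urllib.error import HTTPError
from urllib.request import Request, urlopen

FIXED_WEEKLY = (2, 471)
FIXED_LTS_PATCH = {(2, 452): 4, (2, 462): 1}  # LTS line -> first fixed patch level

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+){1,2})")


def parse_version(text: str) -> tuple:
    """'2.452.3' -> (2, 452, 3); tolerates suffixes such as '-SNAPSHOT'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a Jenkins version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version: str) -> bool:
    parts = parse_version(version)
    if len(parts) == 2:                   # weekly line
        return parts < FIXED_WEEKLY
    line, patch = parts[:2], parts[2]     # LTS line
    if line in FIXED_LTS_PATCH:
        return patch < FIXED_LTS_PATCH[line]
    return line < FIXED_WEEKLY            # older line: never fixed; newer line: built on a fixed weekly


def version_from_headers(headers) -> Optional[str]:
    """Jenkins reports its version in the X-Jenkins response header."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value
    return None


def check_controller(base_url: str, timeout: float = 10.0) -> tuple:
    """Live check: HEAD the controller root and read X-Jenkins.

    The header is normally present even on a 403 'login required' response,
    so HTTPError is caught and its headers are used.
    """
    req = Request(base_url.rstrip("/") + "/", method="HEAD")
    try:
        with urlopen(req, timeout=timeout) as resp:
            headers = dict(resp.headers.items())
    except HTTPError as err:
        headers = dict(err.headers.items())
    version = version_from_headers(headers)
    if version is None:
        raise RuntimeError("no X-Jenkins header; is this a Jenkins controller?")
    return version, is_affected(version)


# Constructed response headers standing in for a live controller (not captured from a real host).
SAMPLE_HEADERS = {"Server": "Jetty(10.0.20)", "X-Jenkins": "2.452.3", "X-Jenkins-Session": "0a1b2c3d"}

if __name__ == "__main__":
    for v in ("2.470", "2.471", "2.452.3", "2.452.4", "2.462.1", "2.440.3"):
        print(v, "affected" if is_affected(v) else "fixed")
    print("sample host:", version_from_headers(SAMPLE_HEADERS), is_affected(version_from_headers(SAMPLE_HEADERS)))
```

The three-way split matters in practice: a naive numeric comparison against 2.471 would flag LTS 2.452.4 and 2.462.1 as vulnerable, and a comparison against 2.452.4 alone would miss weekly 2.470.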

Additional Information:

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have been published.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • In The Wild: The vulnerability is actively exploited by hackers.


Indicators of Compromise

Type | Indicator | Date
HASH | 0c8622c4871541e89d0173d5be0db8aa | 2024-09-18
HASH | 2407c4ef1588fa67dd5bd7c64f419abd | 2024-09-18
HASH | 561cadadc4aebc67e6186a009aea8943 | 2024-09-18
HASH | 914857733785f39647f6081c3c5d2048 | 2024-09-18
HOSTNAME | mst2.mymst007.info | 2024-09-18
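A small matcher for the indicators above, added as an example (not SOCRadar's tooling). It pulls 32-hex digests and hostnames out of log lines and intersects them with the IOC set, and hashes files on disk for comparison. The page does not say which algorithm produced the hashes; they are 32 hex characters, so MD5 is assumed here. The SAMPLE_LOG lines are constructed, not real telemetry.

```python
"""Added example: match this page's CVE-2024-43044 IOCs against logs and files."""
import hashlib
import re

IOC_HASHES = {
    "0c8622c4871541e89d0173d5be0db8aa",
    "2407c4ef1588fa67dd5bd7c64f419abd",
    "561cadadc4aebc67e6186a009aea8943",
    "914857733785f39647f6081c3c5d2048",
}
IOC_HOSTNAMES = {"mst2.mymst007.info"}

# 32 hex chars not embedded in a longer hex run (avoids matching the tail of a SHA-256)
_HEX32 = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{32}(?![0-9a-fA-F])")
_HOST = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def scan_line(line: str) -> list:
    """Return (type, indicator) pairs found in one log line."""
    hits = []
    for h in _HEX32.findall(line):
        if h.lower() in IOC_HASHES:
            hits.append(("HASH", h.lower()))
    for host in _HOST.findall(line):
        host = host.lower().rstrip(".")  # DNS logs often write the FQDN with a trailing dot
        if host in IOC_HOSTNAMES:
            hits.append(("HOSTNAME", host))
    return hits


def scan_lines(lines) -> dict:
    """Map each matching line number (1-based) to its hits; clean lines are omitted."""
    return {n: hits for n, line in enumerate(lines, 1) if (hits := scan_line(line))}


def digest_matches(hexdigest: str) -> bool:
    return hexdigest.lower() in IOC_HASHES


def file_md5(path) -> str:
    """Chunked MD5 of a file on disk (MD5 assumed for the page's 32-hex indicators)."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def file_matches(path) -> bool:
    return digest_matches(file_md5(path))


def bytes_match(data: bytes) -> bool:
    return digest_matches(hashlib.md5(data).hexdigest())


# Constructed sample log lines (not real telemetry): a DNS query, an EDR file event, two clean lines.
SAMPLE_LOG = [
    "2024-09-18T10:02:11Z dns client=10.0.4.15 query=mst2.mymst007.info. type=A",
    "2024-09-18T10:02:13Z edr host=build-agent-07 event=file_write path=/tmp/.x/update md5=0C8622C4871541E89D0173D5BE0DB8AA",
    "2024-09-18T10:02:14Z dns client=10.0.4.15 query=updates.jenkins.io. type=A",
    "2024-09-18T10:02:15Z edr host=build-agent-07 event=file_write path=/tmp/out.log md5=d41d8cd98f00b204e9800998ecf8427e",
]

if __name__ == "__main__":
    for n, hits in scan_lines(SAMPLE_LOG).items():
        print(f"line {n}: {hits}")
```

Matching is case-insensitive on both hashes and hostnames, and the trailing dot that DNS query logs append to names is stripped before comparison; both are common reasons an exact string search misses an indicator that is actually present.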

Exploits

Title | Link | Date
v9d0g/CVE-2024-43044-POC | https://github.com/v9d0g/CVE-2024-43044-POC | 2024-08-13
convisolabs/CVE-2024-43044-jenkins | https://github.com/convisolabs/CVE-2024-43044-jenkins | 2024-08-23
jenkinsci-cert/SECURITY-3430 | https://github.com/jenkinsci-cert/SECURITY-3430 | 2024-08-08

News

ISC StormCast for Tuesday, September 3rd, 2024
Dr. Johannes B. Ullrich, 2024-09-03 (sans.edu)
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Topics: Convert Wireshark Filter; GitHub Comments Spreading Malware; Google Sheets C2; Jenkins PoC.
  • Wireshark 4.4: Converting Display Filters to BPF Capture Filters: https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224
  • GitHub Comments Used to Spread Malware: https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/
  • Voldemort Malware Curses Orgs Using Global Tax Authorities: https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities

FOCUS FRIDAY: MANAGING THIRD-PARTY RISKS FROM DAHUA IP CAMERA, SONICWALL FIREWALL, AND WPML, FILECATALYST WORKFLOW VULNERABILITIES WITH BLACK KITE'S FOCUSTAGS™
Ferdi Gül, 2024-08-30 (contributor: Ferhat Dikbiyik)
Welcome to this week's Focus Friday, where we dive into the latest high-profile cybersecurity incidents impacting third-party risk management (TPRM). In today's blog, we explore critical vulnerabilities in Dahua IP Cameras, SonicWall Firewalls, WPML plugin for WordPress, and Fortra's FileCatalyst Workflow. These vulnerabilities present significant risks to organizations relying [...]
Full post: https://blackkite.com/blog/focus-friday-managing-third-party-risks-from-dahua-ip-camera-sonicwall-firewall-and-wpml-filecatalyst-workflow-vulnerabilities-with-black-kites-focustags/
Related CVEs: CVE-2024-39949, CVE-2024-39948, CVE-2024-39932, CVE-2021-34473

FOCUS FRIDAY: TPRM INSIGHTS INTO THE PAN-OS CLEARTEXT VULNERABILITY & A SNEAK PEEK INTO WHAT'S NEXT
Ferdi Gül & Ferhat Dikbiyik, 2024-09-13
Welcome to this week's Focus Friday blog, where we continue to explore high-profile cybersecurity incidents through the lens of Third-Party Risk Management (TPRM). As organizations grapple with an ever-evolving threat landscape, vulnerabilities in critical infrastructure remain a constant concern. This week, we focus on the PAN-OS Cleartext vulnerability [...]
Related CVEs: CVE-2021-31196, CVE-2024-33535, CVE-2024-8687, CVE-2024-39949

FOCUS FRIDAY: CRITICAL THIRD-PARTY RISK INSIGHTS – MSSQL AND ADOBE FLASH PLAYER VULNERABILITIES
Ferdi Gül, 2024-09-20 (contributor: Ferhat Dikbiyik)
Welcome to this week's Focus Friday blog, where we explore some of the most critical vulnerabilities impacting third-party vendors. In today's post, we're delving into vulnerabilities within two major software systems: Microsoft SQL Server (MSSQL) and Adobe Flash Player. These vulnerabilities pose a serious risk for companies still [...]
Related CVEs: CVE-2014-0497, CVE-2024-22116, CVE-2024-8687, CVE-2021-33044

Social Media

  • 🚨🛠️ Added CVE-2024-43044 #Jenkins RCE blog into #CyberSecFolio. https://t.co/1sNNdhhwwU #infosec #cyber #security Original blog 👇 https://t.co/MGZi46WZqR
  • @pravin_karthik CVE-2024-43044 not 43004
  • Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents https://t.co/1Nsm1NSseA Published By :- Gabriel Quadros (@gqsilva) Ricardo Silva (@rick2600) #infosec #bugbounty #TogetherWeHitHarder #inbbupdatesblogs
  • 🚨🔒 Critical Vulnerability Alert: CVE-2024-43044 in Jenkins! This serious flaw allows Jenkins agents to read arbitrary files from the controller. Attackers that hijacked a machine running a Jenkins Agent can exploit this issue to gain control over the Jenkins Controller.
  • 🚨 Mitigation Step: To secure your Jenkins environment from CVE-2024-43044, follow the recommended workaround provided by Jenkins - https://t.co/b5MKqLtXXG. Stay safe! (3/3)
  • CVE-2024-6670: Critical SQL injection vulnerability in WhatsUp Gold - POC released!!! CVE-2024-43044: Vulnerability in Jenkins automation server - POC released!!! Patch now!!!🚫🚫 #cve #jenkins #WhatsUpGold
  • Update: Exploits for CVE-2024-43044: Path Traversal vulnerability in Jenkins is available publicly. IF YOU HAVEN'T PATCHED IT YET, PATCH IT NOW!! Link: https://t.co/B8efXGWVtk https://t.co/3AjBIgqo4q #PatchNOW #Vulnerability #cybersecurity #hacked #Cyberattack #infosec
  • Exploit for the vulnerability CVE-2024-43044 in Jenkins https://t.co/afkVMagVTR #Pentesting #Exploit #vulnerabilityvulnerability #CyberSecurity #Infosec https://t.co/aKJZu6xtbL
  • GitHub - convisolabs/CVE-2024-43044-jenkins: Exploit for the vulnerability CVE-2024-43044 in Jenkins - https://t.co/jlYj8s48vN
  • Exploiting Jenkins RCE Vulnerability (CVE-2024-43044) Via Agents – Technical Analysis https://t.co/0w6dtKKNor #Infosec #Security #Cybersecurity #CeptBiro #Jenkins #RCE #Vulnerability

Affected Software

Configuration 1
Type: App | Vendor: Jenkins | Product: jenkins

References

Jenkins Security Advisory 2024-08-07 (SECURITY-3430): https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430

CWE Details

CWE-754: Improper Check for Unusual or Exceptional Conditions. The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
