August 8, 2024
Severity
High
Analysis Summary
CVE-2024-43044 CVSS:9
Jenkins weekly and LTS could allow a remote attacker to execute arbitrary code on the system, caused by an arbitrary file read flaw in agent connections. An attacker could exploit this vulnerability by sending a specially crafted request.
CVE-2024-43045 CVSS:5.4
Jenkins weekly and LTS could allow a remote authenticated attacker to bypass security restrictions, caused by improper permission validation. By sending a specially crafted request, an attacker could exploit this vulnerability to access and change other users' "My Views".
Impact
- Code Execution
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-43044
- CVE-2024-43045
Affected Vendors
Affected Products
- Jenkins LTS 2.452.3
- Jenkins weekly 2.470
Remediation
Refer to the Jenkins Security Advisory for patch, upgrade, or suggested workaround information.