Severity
High
Analysis Summary
CVE-2024-43044 CVSS:9
Jenkins weekly and LTS could allow a remote attacker to execute arbitrary code on the system because of an arbitrary file read flaw in agent connections. An attacker could exploit this vulnerability by sending a specially crafted request.
CVE-2024-43045 CVSS:5.4
Jenkins weekly and LTS could allow a remote authenticated attacker to bypass security restrictions, caused by improper permission validation. By sending a specially crafted request, an attacker could exploit this vulnerability to access and change other users' "My Views".
Impact
- Code Execution
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-43044
- CVE-2024-43045
Affected Vendors
Jenkins
Affected Products
- Jenkins LTS 2.452.3
- Jenkins weekly 2.470
Remediation
Refer to the Jenkins Security Advisory for patch, upgrade, or suggested workaround information.


