Critical Jenkins Vulnerabilities Expose Servers To RCE Attack


Jenkins, an open source automation server, has been found to have two security issues, one of which is a critical flaw that, if exploited, might lead to remote code execution (RCE).

An attacker may be able to read arbitrary files from the Jenkins controller file system, which could disclose confidential data or open the door to more exploitation.

“This is a critical vulnerability as the information obtained can be used to increase access up to and including remote code execution (RCE)”, reads the Jenkins Security Advisory.

Overview Of The Vulnerability

The critical arbitrary file read vulnerability is identified as CVE-2024-43044, which lets attackers with Agent/Connect permission, agent processes, and code executing on agents read arbitrary files from the Jenkins controller file system.

Jenkins employs the Remoting library to facilitate communication between the controller and agents; the library file is typically named agent.jar or remoting.jar.


Copyright of this story solely belongs to gbhackers.