CVE-2024-43044

HIGH

Jenkins < 2.452.4 and < 2.471 - Arbitrary File Read via ClassLoaderProxy#fetchJar

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2024-43044. PoCs published by convisolabs, v9d0g, HwMex0.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-43044, which leverages an arbitrary file read vulnerability in Jenkins to forge a 'remember-me' cookie for admin access. The exploit includes multiple Java classes to handle cookie forgery, remote file reading, and script console execution.

Description

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.

Exploits (5)

nomisec WORKING POC 184 stars

by convisolabs · poc

https://github.com/convisolabs/CVE-2024-43044-jenkins

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-43044, which leverages an arbitrary file read vulnerability in Jenkins to forge a 'remember-me' cookie for admin access. The exploit includes multiple Java classes to handle cookie forgery, remote file reading, and script console execution.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Jenkins (versions up to 2.441)

No auth needed

Prerequisites: Access to a vulnerable Jenkins instance · Node name and secret key for agent setup

MITRE ATT&CK

T1189 - Drive-by Compromise T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 20 stars

by v9d0g · poc

https://github.com/v9d0g/CVE-2024-43044-POC

View Code ZIP pw:eip

This repository provides a functional PoC for CVE-2024-43044, which involves modifying the `RemoteClassLoader.class` in Jenkins to achieve arbitrary file read via a crafted JAR file. The exploit requires prior knowledge of the target node's secret and name.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Jenkins (specific version not specified)

Auth required

Prerequisites: Access to the target Jenkins node's secret and name · Ability to modify and recompile the `agent.jar` file

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec SCANNER 19 stars

by HwMex0 · poc

https://github.com/HwMex0/CVE-2024-43044

View Code ZIP pw:eip

This repository contains a Python script that scans Jenkins instances for CVE-2024-43044 by checking version headers against known vulnerable ranges. It does not exploit the vulnerability but detects potentially vulnerable versions.

Classification

Scanner 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Jenkins (core and remoting)

No auth needed

Prerequisites: Network access to the Jenkins instance

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 2 stars

by jenkinsci-cert · poc

https://github.com/jenkinsci-cert/SECURITY-3430

View Code ZIP pw:eip

This repository provides a Java agent that mitigates CVE-2024-43044 by transforming the vulnerable `RemoteClassLoader$ClassLoaderProxy` class to block the `fetchJar` method, preventing exploitation. It includes functional code to apply the workaround as a Java agent or standalone tool.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Jenkins (up to and including 2.470 and LTS 2.452.3)

No auth needed

Prerequisites: Access to Jenkins controller process · Ability to modify JVM arguments

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by DACC4 · poc

https://github.com/DACC4/CVE-2024-43044-jenkins-creds

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-43044, an arbitrary file read vulnerability in Jenkins. The exploit reads the credentials.xml file and decrypts it using secret keys obtained via the vulnerability.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Jenkins (versions up to 2.441)

Auth required

Prerequisites: Access to a Jenkins agent with a valid node name and secret key · Jenkins server URL

MITRE ATT&CK

T1005 - Data from Local System T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430

Scores

CVSS v3 8.8

EPSS 0.6637

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-754

Status published

Products (4)

jenkins/jenkins < 2.452.4

jenkins/jenkins < 2.471

org.jenkins-ci.main/jenkins-core 0 - 2.452.4Maven

org.jenkins-ci.main/remoting 0 - 3206.3208Maven

Published Aug 07, 2024

Tracked Since Feb 18, 2026