CVSS: 8.8EPSS: 0%CPEs: -EXPL: 3CVE-2024-43044 – jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE
https://notcve.org/view.php?id=CVE-2024-43044
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library. ... The ClassLoaderProxy#fetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller's file system due to insufficient path restrictions permissions, which could lead to Privilege Escalation and Remote Code Execution (RCE) • https://github.com/v9d0g/CVE-2024-43044-POC https://github.com/HwMex0/CVE-2024-43044 https://github.com/convisolabs/CVE-2024-43044-jenkins https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430 https://access.redhat.com/security/cve/CVE-2024-43044 https://bugzilla.redhat.com/show_bug.cgi?id=2303466 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-34623
https://notcve.org/view.php?id=CVE-2024-34623
Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=08 •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-34622
https://notcve.org/view.php?id=CVE-2024-34622
Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=08 •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-34619
https://notcve.org/view.php?id=CVE-2024-34619
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=08 •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-34614
https://notcve.org/view.php?id=CVE-2024-34614
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=08 •