CVE-2022-36896

2022-07-2715:15:09

CWE-862

[email protected]

web.nvd.nist.gov

cve-2022-36896

jenkins

compuware

endevor

pds

ispw

security

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

28.6%

JSON

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.

Affected configurations

NVD

Node

jenkinscompuware_source_code_download_for_endevor\,_pds\,_and_ispwRange≤2.0.12jenkins

CPENameOperatorVersion
jenkins:compuware_source_code_download_for_endevor\,_pds\,_and_ispwjenkins compuware source code download for endevor, pds, and ispwle2.0.12

CPE	Name	Operator	Version
jenkins:compuware_source_code_download_for_endevor\,_pds\,_and_ispw	jenkins compuware source code download for endevor, pds, and ispw	le	2.0.12

CNA Affected

[
  {
    "product": "Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "2.0.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]