CVE-2022-43424

2022-10-1916:15:11

[email protected]

web.nvd.nist.gov

cve-2022-43424

jenkins

compuware

xpediter

code coverage plugin

unauthorized access

security vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

33.5%

JSON

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

Affected configurations

NVD

Node

jenkinscompuware_xpediter_code_coverageRange<1.0.8jenkins

AND

jenkinsjenkinsRange≤2.303.2lts

jenkinsjenkinsRange≤2.318-

CPENameOperatorVersion
jenkins:compuware_xpediter_code_coveragejenkins compuware xpediter code coveragelt1.0.8

CPE	Name	Operator	Version
jenkins:compuware_xpediter_code_coverage	jenkins compuware xpediter code coverage	lt	1.0.8

CNA Affected

[
  {
    "product": "Jenkins Compuware Xpediter Code Coverage Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.0.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]