Lucene search
HistoryJul 27, 2022 - 3:15 p.m.
CVE-2022-36899
jenkins
compuware
ispw
operations plugin
execution control
vulnerability
java system properties
CVSS3
8.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS
0.001
Percentile
35.2%
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.
Affected configurations
Node
jenkinscompuware_ispw_operationsRange<1.0.9jenkins
jenkinsjenkinsRange≤2.303.2lts
ORjenkinsjenkinsRange≤2.318-
Related
osv
osv
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
2022-07-28 00:00:42
CVE-2022-36899
2022-07-27 15:15:09
cvelist
cvelist
CVE-2022-36899
2022-07-27 14:24:38
prion
prion
Code injection
2022-07-27 15:15:00
github
github
cve
cve
CVE-2022-36899
2022-07-27 15:15:09
CVSS3
8.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS
0.001
Percentile
35.2%
Related for NVD:CVE-2022-36899