EUVD-2022-7036

Malicious code in bioql PyPI...

EUVD-2022-6321

Malicious code in bioql PyPI...

CVE-2022-36899

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin

BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controll...

CVE-2022-43423

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...

Design/Logic Flaw

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

The vulnerability of the Jenkins Compuware Source Code Download plugin for Endevor, PDS, and ISPW plugins is related to deficiencies in the authentication process, which allows attackers to gain unauthorized access to protected information.

The vulnerability of the Jenkins Compuware Source Code Download plugin for Endevor, PDS, and ISPW plugins is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Jenkins Compuware ISPW Operations Plugin, related to deficiencies in authentication procedures, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Jenkins Compuware ISPW Operations Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Jenkins Compuware ISPW Operations Plugin involves a violation of data protection mechanisms, allowing an attacker to gain unauthorized access to protected information related to system configuration settings.

The vulnerability of the Jenkins Compuware ISPW Operations Plugin is related to a breach of data protection mechanisms. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected system configuration information...

GHSA-57F2-52WJ-7VJ6 Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin

BMC Compuware ISPW Operations Plugin defines a controller/agent message that retrieves Java system properties. BMC Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to...

Jenkins Compuware Source Code Download is missing authorization

BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stor...

Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin

BMC Compuware ISPW Operations Plugin defines a controller/agent message that retrieves Java system properties. BMC Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to...

Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints

Jenkins BMC AMI DevX Code Pipeline Operations Plugin 1.0.8 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

CVE-2022-36899

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

CVE-2022-36896

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

CVE-2022-36898

A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...

CVE-2022-36899

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

CVE-2022-36899

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...

Code injection

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...