4 matches found
CVE-2022-36899
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
The vulnerability of the Jenkins Compuware ISPW Operations Plugin, related to deficiencies in authentication procedures, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Jenkins Compuware ISPW Operations Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
GHSA-57F2-52WJ-7VJ6 Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
BMC Compuware ISPW Operations Plugin defines a controller/agent message that retrieves Java system properties. BMC Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to...
CVE-2022-36898
CVE-2022-36898 affects Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier. The vulnerability is a missing permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs stored in Jenkins. T...