25 matches found
EUVD-2022-7036
Malicious code in bioql PyPI...
EUVD-2022-6321
Malicious code in bioql PyPI...
CVE-2022-36899
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin
BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controll...
CVE-2022-43423
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...
Design/Logic Flaw
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
GHSA-57F2-52WJ-7VJ6 Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
BMC Compuware ISPW Operations Plugin defines a controller/agent message that retrieves Java system properties. BMC Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to...
Jenkins Compuware Source Code Download is missing authorization
BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stor...
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
BMC Compuware ISPW Operations Plugin defines a controller/agent message that retrieves Java system properties. BMC Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to...
Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints
Jenkins BMC AMI DevX Code Pipeline Operations Plugin 1.0.8 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...
CVE-2022-36896
A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...
CVE-2022-36899
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-36898
A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...
CVE-2022-36899
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-36899
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
Code injection
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-36899
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-36899
Affected software: Jenkins Compuware ISPW Operations Plugin, version 1.0.8 and earlier. Root cause: The plugin does not restrict execution of a controller/agent message to agents, enabling an attacker who can control agent processes to retrieve Java system properties. Impact (as stated): unauthor...
CVE-2022-36898
CVE-2022-36898 affects Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier. The vulnerability is a missing permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs stored in Jenkins. T...