5 matches found
CVE-2022-36899
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
GHSA-57F2-52WJ-7VJ6 Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
BMC Compuware ISPW Operations Plugin defines a controller/agent message that retrieves Java system properties. BMC Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to...
Code injection
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-36899
Affected software: Jenkins Compuware ISPW Operations Plugin, version 1.0.8 and earlier. Root cause: The plugin does not restrict execution of a controller/agent message to agents, enabling an attacker who can control agent processes to retrieve Java system properties. Impact (as stated): unauthor...
CVE-2022-36898
CVE-2022-36898 affects Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier. The vulnerability is a missing permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs stored in Jenkins. T...