334 matches found
CVE-2022-43428
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...
CVE-2022-43423
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...
CVE-2022-43422
Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...
CVE-2022-43424
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...
CVE-2022-43422
CVE-2022-43422 affects Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier. The root cause is an agent/controller message that is not limited to where it can be executed, allowing attackers who can control agent processes to obtain Java system properties from the Jenkins controller process...
CVE-2022-43423
CVE-2022-43423 concerns the Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin (versions
CVE-2022-43428
CVE-2022-43428 affects Jenkins Compuware Topaz for Total Test Plugin, v2.4.8 and earlier. Affected plugin uses an agent/controller message that can run without restricting execution location, allowing an attacker who controls agent processes to read Java system properties from the Jenkins control...
CVE-2022-38194 Portal for ArcGIS system properties are not properly encrypted (10.8.1 only)
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file...
Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure
Jenkins Compuware zAdviser API Plugin defines a controller/agent message that retrieves Java system properties. Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to retrieve...
GHSA-5XP2-7QFC-FWGC Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure
Jenkins Compuware zAdviser API Plugin defines a controller/agent message that retrieves Java system properties. Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to retrieve...
CVE-2022-36900
Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-36900
Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-36899
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-36900
Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-36899
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-36899
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
Code injection
Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
Code injection
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-36900
Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-36900
CVE-2022-36900 affects Jenkins Compuware zAdviser API Plugin versions 1.0.3 and earlier. The root cause is that the plugin’s controller/agent message is not restricted to agents, enabling an attacker who can control agent processes to retrieve Java system properties. This has been described in mu...