Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43423

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

Published

2022-10-19T16:15:11.387

Last Modified

2025-05-08T19:15:54.683

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-610

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	compuware_source_code_download_for_endevor\,_pds\,_and_ispw	< 2.0.13	Yes
Application	jenkins	jenkins	≤ 2.303.2	No
Application	jenkins	jenkins	≤ 2.318	No

References

http://www.openwall.com/lists/oss-security/2022/10/19/3 Mailing List, Third Party Advisory ([email protected])
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622 Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/10/19/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)