CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43422
https://notcve.org/view.php?id=CVE-2022-43422
Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. Jenkins Compuware Topaz Utilities Plugin versiones 1.0.8 y anteriores, implementan un mensaje de agent/controller que no limita dónde puede ser ejecutado, permitiendo a atacantes capaces de controlar los procesos del agente obtener los valores de las propiedades del sistema Java del proceso controlador de Jenkins • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2620 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43428
https://notcve.org/view.php?id=CVE-2022-43428
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. Jenkins Compuware Topaz for Total Test Plugin versiones 2.4.8 y anteriores, implementan un mensaje agent/controller que no limita dónde puede ser ejecutado, permitiendo a atacantes capaces de controlar los procesos del agente obtener los valores de las propiedades del sistema Java del proceso del controlador de Jenkins • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43432
https://notcve.org/view.php?id=CVE-2022-43432
Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. Jenkins XFramium Builder Plugin versiones 1.0.22 y anteriores, deshabilita programáticamente la protección de la Política de Seguridad de Contenidos para el contenido generado por el usuario en los espacios de trabajo, artefactos archivados, etc. que Jenkins ofrece para su descarga • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2863 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43424
https://notcve.org/view.php?id=CVE-2022-43424
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. El plugin de cobertura de código de Jenkins Compuware Xpediter versiones 1.0.7 y anteriores, implementa un mensaje de agente/controlador que no limita dónde puede ser ejecutado, permitiendo a atacantes capaces de controlar los procesos del agente obtener los valores de las propiedades del sistema Java del proceso del controlador de Jenkins • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2627 •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43401 – jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin
https://notcve.org/view.php?id=CVE-2022-43401
A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Una vulnerabilidad de omisión del sandbox que involucra varios moldes llevados a cabo implícitamente por el tiempo de ejecución del lenguaje Groovy en Jenkins Script Security Plugin versiones 1183.v774b_0b_0a_a_451 y anteriores, permite a atacantes con permiso para definir y ejecutar scripts en sandbox, incluyendo Pipelines, omitir la protección del sandbox y ejecutar código arbitrario en el contexto de la JVM del controlador de Jenkins A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and confidentiality of Jenkins. • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29 https://access.redhat.com/security/cve/CVE-2022-43401 https://bugzilla.redhat.com/show_bug.cgi?id=2136381 • CWE-693: Protection Mechanism Failure •