CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43423
https://notcve.org/view.php?id=CVE-2022-43423
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versiones 2.0.12 y anteriores, implementa un mensaje agent/controller que no limita dónde puede ser ejecutado, permitiendo a atacantes capaces de controlar los procesos del agente obtener los valores de las propiedades del sistema Java desde el proceso del controlador de Jenkins • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36896
https://notcve.org/view.php?id=CVE-2022-36896
A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Una comprobación de permiso faltante en Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versiones 2.0.12 y anteriores, permite a atacantes con permiso Overall/Read enumerar hosts y puertos de configuraciones de Compuware e IDs de credenciales almacenadas en Jenkins • http://www.openwall.com/lists/oss-security/2022/07/27/1 https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2621 • CWE-862: Missing Authorization •