Vulnerability Description
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Compuware Source Code Download For Endevor\, Pds\, And Ispw | < 2.0.13 |
| Jenkins | Jenkins | <= 2.303.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/10/19/3Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622Vendor Advisory
- http://www.openwall.com/lists/oss-security/2022/10/19/3Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2622Vendor Advisory
FAQ
What is CVE-2022-43423?
CVE-2022-43423 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able...
How severe is CVE-2022-43423?
CVE-2022-43423 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43423?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Compuware Source Code Download For Endevor\, Pds\, And Ispw, Jenkins Jenkins.