Vulnerability Description
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Compuware Xpediter Code Coverage | < 1.0.8 |
| Jenkins | Jenkins | <= 2.303.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/10/19/3Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2627Vendor Advisory
- http://www.openwall.com/lists/oss-security/2022/10/19/3Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2627Vendor Advisory
FAQ
What is CVE-2022-43424?
CVE-2022-43424 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processe...
How severe is CVE-2022-43424?
CVE-2022-43424 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43424?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Compuware Xpediter Code Coverage, Jenkins Jenkins.