We found results for “”
CVE-2022-43424
Good to know:
Date: October 19, 2022
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Protection Mechanism Failure
CWE-693Insufficient Information
NVD-CWE-noinfoTop Fix
Upgrade Version
Upgrade to version com.compuware.jenkins:compuware-xpediter-code-coverage:1.0.8
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |