Vulnerabilities > CVE-2022-36900 - Unspecified vulnerability in Jenkins Compuware Zadviser API 1.0.3

CVSS 8.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

jenkins

NVD

Published: 2022-07-27

Updated: 2023-11-02

Summary

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Compuware Zadviser API - Jenkins Compuware Zadviser API 1.0.3 Jenkins Jenkins *	4

References

https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2630
http://www.openwall.com/lists/oss-security/2022/07/27/1