1. Home
  2. Vulnerabilities
  3. CVE-2022-43424

CVE-2022-43424

CVSS v3.1 5.3 (Medium)
53% Progress
EPSS 0.08 % (34th)
0.08% Progress
Affected Products 2
Advisories 2
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
Jenkins Project
Published Date
2022-10-19 16:15:11
(23 months ago)
Updated Date
2023-11-03 01:24:27
(10 months ago)

Affected Products

Jenkins

Configuration #1

AND
    CPE23 From Up To
OR  
  Jenkins Compuware Xpediter Code Coverage for Jenkins prior 1.0.8 version cpe:2.3:a:jenkins:compuware_xpediter_code_coverage::*:*:*:*:jenkins < 1.0.8
OR  
  Running on/with
  Jenkins 2.303.2 and prior versions cpe:2.3:a:jenkins:jenkins::*:*:*:lts <= 2.303.2
OR  
  Running on/with
  Jenkins 2.318 and prior versions cpe:2.3:a:jenkins:jenkins::*:*:*:- <= 2.318