VYPR
Moderate severity · NVD Advisory · Published Jul 27, 2022 · Updated Aug 3, 2024

CVE-2022-36896

Description

Jenkins Compuware Source Code Download plugin 2.0.12 and earlier lacks a permission check, allowing attackers with Overall/Read to enumerate hosts, ports, and credential IDs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2022-36896 is a missing permission check in the Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin (now BMC AMI DevX Source Code Download for Endevor, PDS, and Code Pipeline). Versions 2.0.12 and earlier do not verify that a user has the required permission before exposing the plugin's configuration data [1][4]. This flaw affects the form that lists configured Compuware hosts and ports, as well as the credential IDs stored in Jenkins.

Exploitation

An attacker who already holds at least Overall/Read permission on a Jenkins instance can exploit this vulnerability; no privilege beyond that low level is needed. The check is missing from the methods that populate the configuration form's drop-downs, so the permission effectively required to read the host/port and credential ID information drops to Overall/Read [1]. An attacker with that permission can send crafted requests to those form endpoints to enumerate the details.

Impact

By exploiting this issue, an attacker can enumerate hosts and ports of Compuware configurations and the credential IDs of credentials stored in Jenkins that are associated with the plugin. While the actual credential secrets are not disclosed, knowing the credential IDs can help an attacker target those credentials in subsequent attacks (e.g., if another vulnerability allows overwriting or using them). The enumeration of hosts and ports also aids in reconnaissance of the internal network [1][4].

Mitigation

The Jenkins Security Advisory 2022-07-27 indicates the fix was released in version 2.0.13 of the plugin [2]. Users should upgrade to this version or later to remediate the issue. There are no reported workarounds; upgrading is the recommended action. The plugin was also renamed to BMC AMI DevX Source Code Download for Endevor, PDS, and Code Pipeline [3].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
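To make the pattern behind this advisory concrete, here is an added example (written for this page, not code from the Compuware/BMC plugin) of a minimal Jenkins build step descriptor whose credentials drop-down is populated by a doFill method. The helper listCredentials reproduces the shape of the pre-fix method visible in the context lines of the patch's first hunk: a credentials lookup as ACL.SYSTEM with no caller check. The public doFillCredentialsIdItems applies the same gate the patch adds. ExampleStep, DescriptorImpl, checkFormPermission and listCredentials are hypothetical names; the class compiles inside a Jenkins plugin build against jenkins-core and the credentials plugin.

```java
package example; // hypothetical package for this added example

import com.cloudbees.plugins.credentials.CredentialsNameProvider;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.ListBoxModel;
import java.util.Collections;
import java.util.List;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

/** Hypothetical build step; only its descriptor matters for this example. */
public class ExampleStep extends Builder {

    private final String credentialsId;

    @DataBoundConstructor
    public ExampleStep(String credentialsId) {
        this.credentialsId = credentialsId;
    }

    public String getCredentialsId() {
        return credentialsId;
    }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {

        /**
         * Stapler exposes this method as .../fillCredentialsIdItems. In the
         * pre-fix shape shown by the first hunk, the equivalent method went
         * straight to the lookup, so any caller able to reach the URL
         * (Overall/Read) received every credential ID.
         */
        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item project,
                                                      @QueryParameter String credentialsId) {
            // The fix: gate the caller before anything is looked up.
            checkFormPermission(project);
            return listCredentials(project, credentialsId);
        }

        /**
         * Same rule the patch adds to each descriptor. A global-config form has
         * no ancestor Item, so it demands Overall/Administer; a job form demands
         * Item/Configure on that job. checkPermission throws
         * AccessDeniedException (HTTP 403) for anyone else.
         */
        static void checkFormPermission(Item project) {
            if (project == null) {
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            } else {
                project.checkPermission(Item.CONFIGURE);
            }
        }

        /**
         * Enumerates credentials as ACL.SYSTEM, which bypasses Jenkins' ACLs
         * entirely. That is why the permission check above is the only thing
         * protecting the IDs this returns.
         */
        private static ListBoxModel listCredentials(Item project, String current) {
            List<StandardCredentials> creds = CredentialsProvider.lookupCredentials(
                    StandardCredentials.class, project, ACL.SYSTEM,
                    Collections.<DomainRequirement>emptyList());
            StandardListBoxModel model = new StandardListBoxModel();
            model.includeEmptyValue();
            for (StandardCredentials c : creds) {
                model.add(CredentialsNameProvider.name(c), c.getId());
            }
            // Keep the value already saved in the job even if it is not listed.
            model.includeCurrentValue(current);
            return model;
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Example step (added illustration)";
        }
    }
}
```

Throwing from checkFormPermission turns the drop-down into a 403 for users who can view but not configure a job. Where that is too abrupt, the credentials plugin's documented alternative is to test the permission with hasPermission and, on failure, return a model holding only the current value, so the saved configuration still renders without exposing the other IDs.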

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: com.compuware.jenkins:compuware-scm-downloader (Maven)
Affected versions: < 2.0.13
Patched versions: 2.0.13

Patches

bf00665b1364

SECURITY-2621: Added Missing permission checks.

5 files changed · +30 −0
  • src/main/java/com/compuware/jenkins/scm/AbstractConfiguration.java  +6 −0  modified
    @@ -106,6 +106,12 @@ protected AbstractConfigurationImpl(Class<? extends RepositoryBrowser<?>> reposi
     		 */
    
     		public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Jenkins context, @QueryParameter String credentialsId,
    
     				@AncestorInPath Item project) {
    
    +			if (project == null) {
    
    +				Jenkins.get().checkPermission(Jenkins.ADMINISTER);
    
    +			} else {
    
    +				project.checkPermission(Item.CONFIGURE);
    
    +			}
    
    +		
    
     			List<StandardCredentials> creds = CredentialsProvider.lookupCredentials(StandardCredentials.class, project, ACL.SYSTEM,
    
     					Collections.<DomainRequirement>emptyList());
    
     
    
    
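Review bot: the added blank line after the closing brace (the `+` line followed only by tab characters) carries trailing whitespace; make it an empty `+` line as the other four hunks do. The placement of the check is right: the lookup that follows runs as ACL.SYSTEM, which bypasses Jenkins' ACLs, so the new checkPermission calls are the only thing standing between an Overall/Read caller and the credential-ID list. None of the 5 changed files is a test, so a regression test asserting that the fill endpoint rejects a user holding only Overall/Read would be worth adding.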
  • src/main/java/com/compuware/jenkins/scm/EndevorConfiguration.java  +6 −0  modified
    @@ -255,6 +255,12 @@ public FormValidation doCheckConnectionId(@QueryParameter String connectionId)
     		public ListBoxModel doFillConnectionIdItems(@AncestorInPath Jenkins context, @QueryParameter String connectionId,
     				@AncestorInPath Item project)
     		{
    +			if (project == null) {
    +				Jenkins.get().checkPermission(Jenkins.ADMINISTER);
    +			} else {
    +				project.checkPermission(Item.CONFIGURE);
    +			}
    +
     			CpwrGlobalConfiguration globalConfig = CpwrGlobalConfiguration.get();
     			HostConnection[] hostConnections = globalConfig.getHostConnections();
     
    
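Review bot: this six-line permission block is repeated verbatim in EndevorConfiguration, IspwConfiguration, IspwContainerConfiguration and PdsConfiguration; since AbstractConfiguration is already touched by this patch, a protected helper there (for example `checkFormPermission(Item project)`) called from each doFillConnectionIdItems would keep the four copies from drifting. The check is what stops an Overall/Read caller from reading the host/port list that `globalConfig.getHostConnections()` feeds into the drop-down.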
  • src/main/java/com/compuware/jenkins/scm/IspwConfiguration.java  +6 −0  modified
    @@ -416,6 +416,12 @@ public FormValidation doCheckConnectionId(@QueryParameter String connectionId)
     		public ListBoxModel doFillConnectionIdItems(@AncestorInPath Jenkins context, @QueryParameter String connectionId,
    
     				@AncestorInPath Item project)
    
     		{
    
    +			if (project == null) {
    
    +				Jenkins.get().checkPermission(Jenkins.ADMINISTER);
    
    +			} else {
    
    +				project.checkPermission(Item.CONFIGURE);
    
    +			}
    
    +
    
     			CpwrGlobalConfiguration globalConfig = CpwrGlobalConfiguration.get();
    
     			HostConnection[] hostConnections = globalConfig.getHostConnections();
    
     
    
    
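Review bot: the hunk header shows `doCheckConnectionId(@QueryParameter String connectionId)` directly above the patched method, and this patch leaves it unchanged; please confirm its validation messages do not echo host or port details for the supplied ID, since it remains reachable by the same lower-privileged callers. If it only reports valid/invalid, no change is needed.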
  • src/main/java/com/compuware/jenkins/scm/IspwContainerConfiguration.java  +6 −0  modified
    @@ -312,6 +312,12 @@ public FormValidation doCheckConnectionId(@QueryParameter String connectionId)
     		public ListBoxModel doFillConnectionIdItems(@AncestorInPath Jenkins context, @QueryParameter String connectionId,
    
     				@AncestorInPath Item project)
    
     		{
    
    +			if (project == null) {
    
    +				Jenkins.get().checkPermission(Jenkins.ADMINISTER);
    
    +			} else {
    
    +				project.checkPermission(Item.CONFIGURE);
    
    +			}
    
    +
    
     			CpwrGlobalConfiguration globalConfig = CpwrGlobalConfiguration.get();
    
     			HostConnection[] hostConnections = globalConfig.getHostConnections();
    
     
    
    
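Review bot: `@AncestorInPath Jenkins context` is declared on doFillConnectionIdItems but the new check calls `Jenkins.get()` instead; either use `context.checkPermission(Jenkins.ADMINISTER)` or drop the unused parameter so the signature reflects what the method needs. The ADMINISTER/CONFIGURE split (global form vs. job form) is the usual Jenkins pattern and matches the other hunks.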
  • src/main/java/com/compuware/jenkins/scm/PdsConfiguration.java  +6 −0  modified
    @@ -254,6 +254,12 @@ public FormValidation doCheckConnectionId(@QueryParameter String connectionId)
     		public ListBoxModel doFillConnectionIdItems(@AncestorInPath Jenkins context, @QueryParameter String connectionId,
     				@AncestorInPath Item project)
     		{
    +			if (project == null) {
    +				Jenkins.get().checkPermission(Jenkins.ADMINISTER);
    +			} else {
    +				project.checkPermission(Item.CONFIGURE);
    +			}
    +
     			CpwrGlobalConfiguration globalConfig = CpwrGlobalConfiguration.get();
     			HostConnection[] hostConnections = globalConfig.getHostConnections();
     
    
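Review bot: checkPermission throws on failure, so a user who holds Overall/Read but not Item/Configure on the job will now receive an HTTP 403 for this drop-down instead of a list; that is the intended behaviour change, and it should be stated in the release notes alongside SECURITY-2621 so administrators can explain the new error to users who can view but not configure jobs. If a softer failure is preferred, return a ListBoxModel containing only the current connectionId for such users rather than throwing.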

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
