CVE-2022-36898
Description
Missing permission check in Jenkins Compuware ISPW Operations Plugin allows attackers with Overall/Read to enumerate hosts, ports, and credential IDs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Compuware ISPW Operations Plugin versions 1.0.8 and earlier are missing a permission check in an unspecified function. This allows users with only the Overall/Read permission to access internal configuration data that should require higher privileges [1][3].
An attacker authenticated to Jenkins with Overall/Read permission can exploit this flaw to enumerate hosts and ports of Compuware configurations and the credential IDs of stored credentials [2]. No additional privileges or network position beyond Jenkins access is required.
This information disclosure can be used to map internal infrastructure and identify credential identifiers, which may facilitate further targeted attacks against Jenkins or connected systems [1][2].
The vulnerability is fixed in Compuware ISPW Operations Plugin version 1.0.9 [2]. Users are advised to upgrade immediately. No known workarounds exist.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.compuware.jenkins:compuware-ispw-operations (Maven) | < 1.0.9 | 1.0.9 |
Affected products
- Jenkins project/Jenkins Compuware ISPW Operations Plugin [v5], Range: unspecified
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-cp5r-xqjr-84gm (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-36898 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2022/07/27/1 (ghsa, mailing-list, x_refsource_MLIST, WEB)
- www.jenkins.io/security/advisory/2022-07-27/ (ghsa, x_refsource_CONFIRM, WEB)