Moderate severityNVD Advisory· Published Jul 27, 2022· Updated Aug 3, 2024
CVE-2022-36900
CVE-2022-36900
Description
Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.compuware.jenkins:compuware-zadviser-apiMaven | < 1.0.4 | 1.0.4 |
Affected products
2- Jenkins project/Jenkins Compuware zAdviser API Pluginv5Range: unspecified
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-5xp2-7qfc-fwgcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-36900ghsaADVISORY
- www.openwall.com/lists/oss-security/2022/07/27/1ghsamailing-listx_refsource_MLISTWEB
- github.com/jenkinsci/compuware-zadviser-api-plugin/commit/0aff2c33476b55b30e1fa9bb0eacf2f9f70ed0a8ghsaWEB
- www.jenkins.io/security/advisory/2022-07-27/ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.