Maven package
com.compuware.jenkins/compuware-ispw-operations
pkg:maven/com.compuware.jenkins/compuware-ispw-operations
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-36899 | — | < 1.0.9 | 1.0.9 | Jul 27, 2022 | Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | ||
| CVE-2022-36898 | — | < 1.0.9 | 1.0.9 | Jul 27, 2022 | A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. |
- CVE-2022-36899Jul 27, 2022affected < 1.0.9fixed 1.0.9
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.
- CVE-2022-36898Jul 27, 2022affected < 1.0.9fixed 1.0.9
A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.