Maven package
com.compuware.jenkins/compuware-scm-downloader
pkg:maven/com.compuware.jenkins/compuware-scm-downloader
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-43423 | — | < 2.0.13 | 2.0.13 | Oct 19, 2022 | Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from | ||
| CVE-2022-36896 | — | < 2.0.13 | 2.0.13 | Jul 27, 2022 | A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. |
- CVE-2022-43423Oct 19, 2022affected < 2.0.13fixed 2.0.13
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from
- CVE-2022-36896Jul 27, 2022affected < 2.0.13fixed 2.0.13
A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.