GHSA-hxf7-9rv9-88v6

Опубликовано: 28 июл. 2022

Источник: github

Github: Прошло ревью

CVSS3: 4.3

Описание

Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Those credentials IDs can be used as part of an attack to capture the credentials using another vulnerability.

Compuware Xpediter Code Coverage Plugin 1.0.8 requires the appropriate permissions to enumerate hosts and ports of Compuware configurations and credentials IDs.

Ссылки

Пакеты

Наименование

com.compuware.jenkins:compuware-xpediter-code-coverage

maven

Затронутые версииВерсия исправления

<= 1.0.7

1.0.8

EPSS

Процентиль: 52%

0.00292

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2022-36897

Дефекты

CWE-862

Связанные уязвимости

CVE-2022-36897

CVSS3: 4.3

nvd

больше 3 лет назад

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.

BDU:2022-04866

CVSS3: 4.3

fstec

больше 3 лет назад

Уязвимость плагина Jenkins Compuware Xpediter Code Coverage Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 52%

0.00292

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2022-36897

Дефекты

CWE-862