CVE-2022-43424

Published: Oct 19, 2022Modified: May 8, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

Affected (1)

Products: Jenkins: Compuware Xpediter Code Coverage

1 product

Compuware Xpediter Code Coverage

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Jenkins Compuware Xpediter Code Coverage	Before 1.0.8

Running on/with	Platform Versions
Jenkins Jenkins	Up to 2.318
Jenkins Jenkins	Up to 2.303.2

Related CWEs

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (4)

http://www.openwall.com/lists/oss-security/2022/10/19/3

Source: jenkinsci-cert@googlegroups.com

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2627

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2022/10/19/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2627

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.