Description

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/10/19/3

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2620

Related Vulnerabilities

CVE-2023-49733 Vulnerability in maven package org.apache.cocoon:cocoon-core

CVE-2022-0155 Vulnerability in npm package follow-redirects

CVE-2022-36909 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer

CVE-2021-23370 Vulnerability in npm package swiper

CVE-2021-32808 Vulnerability in maven package org.webjars.bowergithub.ckeditor:ckeditor4

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-noinfo