Description
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
References
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2627