Code Coverage Plugin for Jenkins Exposes Java System Properties
CVE-2022-43424
5.3MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 19 October 2022
What is CVE-2022-43424?
The Compuware Xpediter Code Coverage Plugin for Jenkins versions 1.0.7 and earlier contains a flaw in its agent/controller message handling. This vulnerability allows attackers who have control over agent processes to execute commands without restriction. Consequently, these attackers can gather sensitive Java system property values from the Jenkins controller process, potentially leading to unauthorized access and information leakage.
Affected Version(s)
Jenkins Compuware Xpediter Code Coverage Plugin <= 1.0.7