Lucene search

JenkinsCVE-2022-36898

HistoryJul 27, 2022 - 3:15 p.m.

CVE-2022-36898

2022-07-2715:15:09

CWE-862

jenkins

web.nvd.nist.gov

jenkins

compuware ispw operations plugin

cve-2022-36898

security vulnerability

permission check

credential enumeration

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

22.0%

JSON

A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.

Affected configurations

Nvd

Node

jenkinscompuware_ispw_operationsRange≤1.0.8jenkins

VendorProductVersionCPE
jenkinscompuware_ispw_operations*cpe:2.3:a:jenkins:compuware_ispw_operations:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
jenkins	compuware_ispw_operations	*	cpe:2.3:a:jenkins:compuware_ispw_operations::::::jenkins::*

CNA Affected

[
  {
    "product": "Jenkins Compuware ISPW Operations Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.0.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.openwall.com/lists/oss-security/2022/07/27/1

www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2628

Social References

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

22.0%

JSON

Related for CVE-2022-36898