Lucene search

GoogleOSV:CVE-2022-36898

HistoryJul 27, 2022 - 3:15 p.m.

CVE-2022-36898

2022-07-2715:15:09

Google

osv.dev

permission check

enumeration

compuware configurations

jenkins credentials

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

22.0%

JSON

A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.

References

www.openwall.com/lists/oss-security/2022/07/27/1

www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2628

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

22.0%

JSON

Related for OSV:CVE-2022-36898