CVE-2022-36900

Summary

Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Compuware zAdviser API Pluginunspecified <= 1.0.3affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References