Missing Permission in Jenkins CompSourceCode Download Plugin v2.0.12 and Earlier
CVE-2022-36896 Published on July 27, 2022

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.

NVD

Products Associated with CVE-2022-36896

Want to know whenever a new CVE is published for Jenkins Compuware Source Code Download Endevor Pds Ispw? stack.watch will email you.

Jenkins Compuware Source Code Download Endevor Pds Ispw

Affected Versions

Jenkins project Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin:

Version unspecified, <= 2.0.12 is affected.

Exploit Probability

EPSS

0.40%

Percentile

61.16%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Missing Permission in Jenkins CompSourceCode Download Plugin v2.0.12 and EarlierCVE-2022-36896 Published on July 27, 2022

Products Associated with CVE-2022-36896

Affected Versions

Exploit Probability

Missing Permission in Jenkins CompSourceCode Download Plugin v2.0.12 and Earlier
CVE-2022-36896 Published on July 27, 2022