Jenkins: >> Compuware Ispw Operations >> 1.0.5 Security Vulnerabilities
A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-07-27
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.
CVSS Score
8.2
EPSS Score
0.003
Published
2022-07-27