Description
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.
Remediation
References
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2629
http://www.openwall.com/lists/oss-security/2022/07/27/1
Related Vulnerabilities
CVE-2023-38509 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-hbase_2-client-service
CVE-2022-31175 Vulnerability in npm package @ckeditor/ckeditor5-html-embed
CVE-2014-0363 Vulnerability in maven package org.igniterealtime.smack:smack-core
CVE-2018-1999038 Vulnerability in maven package org.jenkins-ci.plugins:publish-over-cifs