OpenCVE

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jenkins	Compuware Source Code Download For Endevor\, Pds\, And Ispw

Configuration 1 [-]

cpe:2.3:a:jenkins:compuware_source_code_download_for_endevor\,_pds\,_and_ispw:*:*:*:*:*:jenkins:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/07/27/1
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2621

History

No history.

MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2022-07-27T14:23:58

Updated: 2024-08-03T10:14:29.495Z

Reserved: 2022-07-27T00:00:00

Link: CVE-2022-36896

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-27T15:15:09.557

Modified: 2024-11-21T07:14:01.297

Link: CVE-2022-36896

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin", "vendor": "Jenkins project", "versions": [{"lessThanOrEqual": "2.0.12", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T14:24:11.995Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2621"}, {"name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2022-36896", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin", "version": {"version_data": [{"version_affected": "<=", "version_value": "2.0.12"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862: Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2621", "refsource": "CONFIRM", "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2621"}, {"name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:14:29.495Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2621"}, {"name": "[oss-security] 20220727 Multiple vulnerabilities in Jenkins plugins", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"}]}]}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2022-36896", "datePublished": "2022-07-27T14:23:58", "dateReserved": "2022-07-27T00:00:00", "dateUpdated": "2024-08-03T10:14:29.495Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:compuware_source_code_download_for_endevor\\,_pds\\,_and_ispw:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "AF0FEF49-711B-4B72-9761-7551A352514C", "versionEndIncluding": "2.0.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins."}, {"lang": "es", "value": "Una comprobaci\u00f3n de permiso faltante en Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versiones 2.0.12 y anteriores, permite a atacantes con permiso Overall/Read enumerar hosts y puertos de configuraciones de Compuware e IDs de credenciales almacenadas en Jenkins"}], "id": "CVE-2022-36896", "lastModified": "2024-11-21T07:14:01.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-27T15:15:09.557", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2621"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/27/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2621"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}