PT-2022-26907 · Jenkins · Jenkins Compuware Source Code Download For Endevor

Published: 2022-10-19 · Updated: 2025-05-08 · CVE-2022-43423

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versions 2.0.12 and earlier
Jenkins versions 2.318 and earlier, LTS versions 2.303.2 and earlier

Description

Attackers who can control agent processes can obtain Java system properties from the Jenkins controller process, because an agent/controller message does not limit where it can be executed. This can potentially lead to unauthorized access to sensitive information.

Recommendations

For Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versions 2.0.12 and earlier, update to version 2.0.13 or later, which restricts execution of the agent/controller message to agents. For Jenkins versions 2.318 and earlier and LTS versions 2.303.2 and earlier, upgrade to a newer version to mitigate the risk.

Fix

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

CVE-2022-43423
GHSA-682J-2P53-XP5F

Affected Products

Jenkins
Jenkins Compuware Source Code Download For Endevor