CVE-2022-36899: Jenkins Compuware ISPW Operations Plugin before 1.0.9 vulnerable to protection mechanism failure
(updated )
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.
References
Detect and mitigate CVE-2022-36899 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →