CVE-2022-43424: Protection Mechanism Failure

October 19, 2022 (updated October 20, 2022)

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

References

www.openwall.com/lists/oss-security/2022/10/19/3
github.com/advisories/GHSA-mfcw-83qg-4vw3
nvd.nist.gov/vuln/detail/CVE-2022-43424
www.jenkins.io/security/advisory/2022-10-19/

Detect and mitigate CVE-2022-43424 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →