Protection Mechanism Failure Affecting com.compuware.jenkins:compuware-zadviser-api package, versions [0,]


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.07% (32nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-COMCOMPUWAREJENKINS-2964186
  • published31 Jul 2022
  • disclosed31 Jul 2022
  • creditUnknown

Introduced: 31 Jul 2022

CVE-2022-36900  (opens in a new tab)
CWE-693  (opens in a new tab)

How to fix?

There is no fixed version for com.compuware.jenkins:compuware-zadviser-api.

Overview

Affected versions of this package are vulnerable to Protection Mechanism Failure due to missing restriction execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.

CVSS Base Scores

version 3.1