This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Those credentials IDs can be used as part of an attack to capture the credentials using another vulnerability.

Compuware Xpediter Code Coverage Plugin 1.0.8 requires the appropriate permissions to enumerate hosts and ports of Compuware configurations and credentials IDs.

Affected Packages

Maven com.compuware.jenkins:compuware-xpediter-code-coverage

Affected versions: 0 (fixed in 1.0.8)

Related CVEs

CVE-2022-36897

Key Information

GHSA ID

GHSA-hxf7-9rv9-88v6

Published

July 28, 2022 12:00 AM

Last Modified

October 27, 2023 8:18 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.compuware.jenkins:compuware-xpediter-code-coverage

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.