CVE-2022-3676 In Eclipse OpenJ9 before version 0.35.0, interface calls can be inlined without a runtime type check.
These inlined interface method calls are only visible if you have the interface type checked in the code. This can be done using either a
CVE-2022-39259 ddx is a set of command-line and GUI tools for producing Java source code from Android Dex and Apk files. Version 1.4.5 is vulnerable to denial of service (DoS) when opening zip files with HTML sequences.
If you are using an earlier version, you should upgrade as soon as possible. These warnings are generated by the Java plug-in and may not
CVE-2022-43422 Compuware Topaz Utilities Plugin 1.0.8 and earlier has an agent/controller message that doesn't limit where it can be executed, which allows attackers to obtain values of Java system properties.
Further, this issue can be triggered by sending an improper message from a plugin that has access to the Jenkins HTTP API. For example, an
CVE-2022-43432 Jenkins XFramium Builder Plugin 1.0.22 and earlier disables Content-Security-Policy protection for user-generated content.
This can be dangerous if, for example, you host public download sites or allow third-party code to be hosted on your servers via Git.
CVE-2022-43414 Jenkins NUnit Plugin 0.27 and earlier has an agent-to-controller message that parses files as test results, allowing attackers to control agent processes to obtain test results from files the attacker specifies.
This can lead to information leakage from the Jenkins environment, such as revealing credentials or sensitive data. Jenkins is not vulnerable to this issue if