{"id":"CVE-2022-36900","details":"Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.","aliases":["GHSA-5xp2-7qfc-fwgc"],"modified":"2026-03-14T11:50:29.067825Z","published":"2022-07-27T15:15:09.777Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/07/27/1"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2630"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36900.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.0.3"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}]}