CVE-2022-43423: 
Java vulnerability analysis and mitigation

CVE-2022-43423 affects the BMC AMI DevX Source Code Download for Endevor, PDS, and Code Pipeline Plugin (formerly known as Compuware Source Code Download for Endevor, PDS, and ISPW Plugin) version 2.0.12 and earlier. The vulnerability was disclosed on October 19, 2022, and is classified as a medium severity security issue (Jenkins Advisory).

The vulnerability is an agent-to-controller security bypass that exists because the plugin implements an agent/controller message that does not limit where it can be executed. The issue has a medium severity CVSS score and is specifically related to the plugin's message handling implementation (Jenkins Advisory).

This vulnerability allows attackers who are able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. The vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier (Jenkins Advisory).

The vulnerability has been fixed in BMC AMI DevX Source Code Download for Endevor, PDS, and Code Pipeline Plugin version 2.0.13, which restricts execution of the agent/controller message to agents. Users should upgrade to this version to mitigate the vulnerability (Jenkins Advisory).