CVE-2022-43427

Severity
4.3 MEDIUM
EPSS
0.5%
top 32.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 19

Description

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

🔴Vulnerability Details

3
GHSA
Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins (2022-10-19)
OSV
Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins (2022-10-19)
CVEList
CVE-2022-43427: Jenkins Compuware Topaz for Total Test Plugin 2 (2022-10-19)

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-10-19 (2022-10-19)