CVE-2022-43428

CWE-610 CWE-6935 documents5 sources

Severity

5.3MEDIUM

EPSS

1.4%

top 19.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Compuware Topaz FOR Total Test Plugin Jenkins Compuware Topaz FOR Total Test

Timeline

PublishedOct 19

Description

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_compuware_topaz_for_total_test_pluginunspecified — 2.4.8

▶Mavencom.compuware.jenkins:compuware-topaz-for-total-test< 2.4.9

▶NVDjenkins/compuware_topaz2.4.8

🔴Vulnerability Details

OSV

Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin↗2022-10-19

▶

CVEList

CVE-2022-43428: Jenkins Compuware Topaz for Total Test Plugin 2↗2022-10-19

▶

GHSA

Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin↗2022-10-19

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-10-19↗2022-10-19

▶