CVE-2022-43429

CWE-284Improper Access ControlCWE-6935 documents5 sources
Severity
7.5HIGH
EPSS
0.7%
top 28.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Compuware Topaz FOR Total Test PluginJenkins Compuware Topaz FOR Total Test
Timeline
PublishedOct 19

Description

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

🔴Vulnerability Details

3
CVEList
CVE-2022-43429: Jenkins Compuware Topaz for Total Test Plugin 22022-10-19
GHSA
Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure2022-10-19
OSV
Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure2022-10-19

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2022-10-192022-10-19