CVE-2022-43429

HIGH7.5EPSS 0.66%

Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure

Published: 10/19/2022Modified: 5/8/2025

Description

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.

Affected packages (1)

Maven/com.compuware.jenkins:compuware-topaz-for-total-testfrom 0, <= 2.4.8

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-43429
WEBhttps://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624
WEBhttp://www.openwall.com/lists/oss-security/2022/10/19/3