Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43428

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

Published

2022-10-19T16:15:11.673

Last Modified

2025-05-08T19:15:55.470

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-610

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	compuware_topaz_for_total_test	≤ 2.4.8	Yes
Application	jenkins	jenkins	≤ 2.303.2	No
Application	jenkins	jenkins	≤ 2.318	No

References

http://www.openwall.com/lists/oss-security/2022/10/19/3 Mailing List, Third Party Advisory ([email protected])
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624 Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/10/19/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)