CVE-2022-43422

Published: Oct 19, 2022Modified: May 8, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

Affected (1)

Products: Jenkins: Compuware Topaz Utilities

1 product

Compuware Topaz Utilities

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Jenkins Compuware Topaz Utilities	Before 1.0.9

Running on/with	Platform Versions
Jenkins Jenkins	Up to 2.138
Jenkins Jenkins	Up to 2.303.2

Related CWEs

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (4)

http://www.openwall.com/lists/oss-security/2022/10/19/3

Source: jenkinsci-cert@googlegroups.com

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2620

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2022/10/19/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2620

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.