CVE-2022-43429

Published: Oct 19, 2022Modified: May 8, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.

Affected (1)

Products: Jenkins: Compuware Topaz For Total Test

1 product

Compuware Topaz For Total Test

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Jenkins Compuware Topaz For Total Test	Up to 2.4.8

Running on/with	Platform Versions
Jenkins Jenkins	Up to 2.318
Jenkins Jenkins	Up to 2.303.2

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://www.openwall.com/lists/oss-security/2022/10/19/3

Source: jenkinsci-cert@googlegroups.com

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2022/10/19/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.