EUVD-2022-7182

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Jenkins Compuware Topaz for Total Test Plugin lacks permission checks, exposing credential IDs to attackers.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2022-43427	19 Oct 202220:15	–	circl
CNNVD	Jenkins Compuware Topaz for Total Test Plugin 安全漏洞	19 Oct 202200:00	–	cnnvd
CVE	CVE-2022-43427	19 Oct 202200:00	–	cve
Cvelist	CVE-2022-43427	19 Oct 202200:00	–	cvelist
Github Security Blog	Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins	19 Oct 202219:00	–	github
Tenable Nessus	Jenkins plugins Multiple Vulnerabilities (2022-10-19)	3 Mar 202300:00	–	nessus
NVD	CVE-2022-43427	19 Oct 202216:15	–	nvd
OSV	GHSA-X5GV-5RQV-654M Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins	19 Oct 202219:00	–	osv
Prion	Design/Logic Flaw	19 Oct 202216:15	–	prion
Positive Technologies	PT-2022-26911 · Jenkins · Jenkins Compuware Topaz For Total Test Plugin +1	19 Oct 202200:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "3509f5a9-62f2-3807-8c4f-f8254b14d7c0",
        "vendor": {
          "name": "Jenkins Project"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "7ec25101-380f-30f3-a04f-033c1274d132",
        "product": {
          "name": "Jenkins Compuware Topaz for Total Test Plugin"
        },
        "product_version": "unspecified ≤2.4.8"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-43427
github	www.github.com/jenkinsci/compuware-topaz-for-total-test-plugin/commit/0ba4274d545eac39e3db48b5dfb4512db3242946
jenkins	www.jenkins.io/security/advisory/2022-10-19/
openwall	www.openwall.com/lists/oss-security/2022/10/19/3

03 Oct 2025 20:07Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.14.3

EPSS0.00529

SSVC