Lucene search
GitHub Advisory DatabaseGHSA-7FVJ-G3WP-29G8HistoryOct 19, 2022 - 7:00 p.m.
Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure
2022-10-1919:00:22
CWE-693
GitHub Advisory Database
github.com
7
jenkins
compuware
total test plugin
vulnerability
message handling
file system.
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
52.5%
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.
Affected configurations
Node
com.compuware.jenkinscompuware-topaz-for-total-testRange≤2.4.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| com.compuware.jenkins | compuware-topaz-for-total-test | * | cpe:2.3:a:com.compuware.jenkins:compuware-topaz-for-total-test:*:*:*:*:*:*:*:* |
Related
osv
osv
nvd
nvd
CVE-2022-43429
2022-10-19 16:15:11
prion
prion
Design/Logic Flaw
2022-10-19 16:15:00
cve
cve
CVE-2022-43429
2022-10-19 16:15:11
cvelist
cvelist
CVE-2022-43429
2022-10-19 00:00:00
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-10-19)
2023-03-03 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
52.5%
Related for GHSA-7FVJ-G3WP-29G8