Design/Logic Flaw

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

Design/Logic Flaw

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...

Design/Logic Flaw

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...

Input validation

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

Design/Logic Flaw

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

Design/Logic Flaw

Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

Information disclosure

Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2022-43430

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2022-43429

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...

Jenkins Compuware Topaz Utilities Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2022-26912 · Compuware +1 · Jenkins Compuware Topaz For Total Test Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Topaz for Total Test Plugin versions 2.4.8 and earlier Description: The issue allows attackers who can control agent processes to obtain the values of Java system properties from the Jenkins controller process due to an...

Jenkins Compuware Xpediter Code Coverage Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Jenkins Compuware Strobe Measurement Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2022-26906 · Compuware +1 · Jenkins Compuware Topaz Utilities Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Topaz Utilities Plugin versions 1.0.8 and earlier Description: The issue allows attackers who can control agent processes to obtain the values of Java system properties from the Jenkins controller process due to an...

CVE-2022-43431

Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2022-43427

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2022-43422

CVE-2022-43422 affects Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier. The root cause is an agent/controller message that is not limited to where it can be executed, allowing attackers who can control agent processes to obtain Java system properties from the Jenkins controller process...

CVE-2022-43428

CVE-2022-43428 affects Jenkins Compuware Topaz for Total Test Plugin, v2.4.8 and earlier. Affected plugin uses an agent/controller message that can run without restricting execution location, allowing an attacker who controls agent processes to read Java system properties from the Jenkins control...

CVE-2022-43429

CVE-2022-43429 affects Jenkins with the Compuware Topaz for Total Test Plugin (versions ≤ 2.4.8). The issue is an agent/controller message that does not limit where it can be executed, enabling attackers who can control agent processes to read arbitrary files on the Jenkins controller file system...

PT-2022-26908 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Xpediter Code Coverage Plugin versions 1.0.7 and earlier Jenkins versions 2.318 and earlier, LTS 2.303.2 and earlier Description: The issue allows attackers able to control agent processes to obtain the values of Java system...