12 matches found
CVE-2022-43430
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-43423
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...
CVE-2022-36899
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...
CVE-2022-43427
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Design/Logic Flaw
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...
CVE-2022-43430
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
PT-2022-26912 · Compuware +1 · Jenkins Compuware Topaz For Total Test Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Topaz for Total Test Plugin versions 2.4.8 and earlier Description: The issue allows attackers who can control agent processes to obtain the values of Java system properties from the Jenkins controller process due to an...
CVE-2022-43424
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...
CVE-2022-43428
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...
CVE-2022-41226
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
The vulnerability of the Jenkins Compuware Xpediter Code Coverage Plugin, related to deficiencies in authentication procedures, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Jenkins Compuware Xpediter Code Coverage Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Code injection
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties...