22 matches found
EUVD-2022-7185
Malicious code in bioql PyPI...
Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. These...
GHSA-VHWV-8897-JM7Q XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin
Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control the input files for the 'Topaz for Total Test - Execute Total Test scenarios' build step to have Jenkins parse a crafted XML...
Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin
Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control the input files for the 'Topaz for Total Test - Execute Total Test scenarios' build step to have Jenkins parse a crafted XML...
CVE-2022-43429
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...
CVE-2022-43428
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...
CVE-2022-43427
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-43430
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Design/Logic Flaw
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...
Input validation
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...
Jenkins Compuware Topaz for Total Test Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Compuware Topaz for Total Test Plugin 代码问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A code issue vulnerability...
CVE-2022-43429
CVE-2022-43429 affects Jenkins with the Compuware Topaz for Total Test Plugin (versions ≤ 2.4.8). The issue is an agent/controller message that does not limit where it can be executed, enabling attackers who can control agent processes to read arbitrary files on the Jenkins controller file system...
CVE-2022-43429
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...
Jenkins Compuware Topaz for Total Test Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-43427
CVE-2022-43427 affects Jenkins with the Compuware Topaz for Total Test Plugin 2.4.8 and earlier . The root issue is that several HTTP endpoints do not perform proper permission checks, allowing attackers with Overall/Read to enumerate the credentials IDs stored in Jenkins. This is a credential di...
CVE-2022-43430
CVE-2022-43430 affects Jenkins Compuware Topaz for Total Test Plugin versions 2.4.8 and earlier. Root cause: the plugin’s XML parser is not configured to prevent XML External Entity (XXE) attacks. Impact: a crafted XML input in the Topaz Execute Total Test scenarios could allow extraction of secr...
PT-2022-26913 · Compuware +1 · Jenkins Compuware Topaz For Total Test Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Topaz for Total Test Plugin versions 2.4.8 and earlier Description: The issue allows attackers who can control agent processes to read arbitrary files on the Jenkins controller file system due to an agent/controller message...