Vulnerability Description
Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Compuware Topaz Utilities | < 1.0.9 |
| Jenkins | Jenkins | <= 2.138 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/10/19/3Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2620Vendor Advisory
- http://www.openwall.com/lists/oss-security/2022/10/19/3Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2620Vendor Advisory
FAQ
What is CVE-2022-43422?
CVE-2022-43422 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to ob...
How severe is CVE-2022-43422?
CVE-2022-43422 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43422?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Compuware Topaz Utilities, Jenkins Jenkins.