Vulnerability Description
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Compuware Topaz For Total Test | <= 2.4.8 |
| Jenkins | Jenkins | <= 2.303.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/10/19/3Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624Vendor Advisory
- http://www.openwall.com/lists/oss-security/2022/10/19/3Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624Vendor Advisory
FAQ
What is CVE-2022-43428?
CVE-2022-43428 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes ...
How severe is CVE-2022-43428?
CVE-2022-43428 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43428?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Compuware Topaz For Total Test, Jenkins Jenkins.