Vulnerability Description
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Compuware Topaz For Total Test | <= 2.4.8 |
| Jenkins | Jenkins | <= 2.303.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/10/19/3Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624Vendor Advisory
- http://www.openwall.com/lists/oss-security/2022/10/19/3Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624Vendor Advisory
FAQ
What is CVE-2022-43429?
CVE-2022-43429 is a vulnerability with a CVSS score of 7.5 (HIGH). Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes ...
How severe is CVE-2022-43429?
CVE-2022-43429 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43429?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Compuware Topaz For Total Test, Jenkins Jenkins.