Description
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
Remediation
References
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624
http://www.openwall.com/lists/oss-security/2022/10/19/3