Description
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
Remediation
References
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624
http://www.openwall.com/lists/oss-security/2022/10/19/3