CVE-2022-43429

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624	Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/10/19/3	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:jenkins:compuware_topaz_for_total_test:*:*:*:*:*:wordpress:*:*

OR	cpe:2.3:a:jenkins:jenkins:::::lts:::*
	cpe:2.3:a:jenkins:jenkins:::::-:::*

Information

Published : 2022-10-19 09:15

Updated : 2022-10-21 19:24

NVD link : CVE-2022-43429

Mitre link : CVE-2022-43429

JSON object : View

CWE

CWE-693

Protection Mechanism Failure

Products Affected

jenkins

compuware_topaz_for_total_test
jenkins

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3", "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-693"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-43429", "ASSIGNER": "jenkinsci-cert@googlegroups.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2022-10-19T16:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jenkins:compuware_topaz_for_total_test:*:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.4.8"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": false, "versionEndIncluding": "2.303.2"}, {"cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": false, "versionEndIncluding": "2.318"}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-10-22T02:24Z"}

7.5 /10