CVE-2022-43428

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/10/19/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/10/19/3	Mailing List Third Party Advisory
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624	Vendor Advisory
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:jenkins:compuware_topaz_for_total_test:*:*:*:*:*:jenkins:*:*

OR	cpe:2.3:a:jenkins:jenkins:::::lts:::*
	cpe:2.3:a:jenkins:jenkins:::::-:::*

History

08 May 2025, 19:15

Type	Values Removed	Values Added
References	~~(CONFIRM) https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624 - Vendor Advisory~~	() https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624 - Vendor Advisory
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2022/10/19/3 - Mailing List, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2022/10/19/3 - Mailing List, Third Party Advisory

03 Nov 2023, 01:39

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo

25 Oct 2023, 18:17

Type	Values Removed	Values Added
CWE	~~CWE-693~~

Information

Published : 2022-10-19 16:15

Updated : 2025-05-08 19:15

NVD link : CVE-2022-43428

Mitre link : CVE-2022-43428

JSON object : View

Products Affected

jenkins

compuware_topaz_for_total_test
jenkins

CWE

NVD-CWE-noinfo

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3", "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", "tags": ["Mailing List", "Third Party Advisory"], "refsource": ""}, {"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3", "name": "[oss-security] 20221019 Multiple vulnerabilities in Jenkins plugins", "tags": ["Mailing List", "Third Party Advisory"], "refsource": ""}, {"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "name": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-43428", "ASSIGNER": "jenkinsci-cert@googlegroups.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2022-10-19T16:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jenkins:compuware_topaz_for_total_test:*:*:*:*:*:jenkins:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.4.8"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": false, "versionEndIncluding": "2.303.2"}, {"cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": false, "versionEndIncluding": "2.318"}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-05-08T19:15Z"}