Описание
Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.
Пакеты
Наименование
com.compuware.jenkins:compuware-topaz-for-total-test
maven
Затронутые версииВерсия исправления
<= 2.4.8
Отсутствует
Связанные уязвимости
CVSS3: 7.5
nvd
больше 3 лет назад
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.