CVE-2022-43429

Опубликовано: 19 окт. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.

Ссылки

http://www.openwall.com/lists/oss-security/2022/10/19/3
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624
Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/10/19/3
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:jenkins:compuware_topaz_for_total_test:*:*:*:*:*:jenkins:*:*

Версия до 2.4.8 (включая)

Одно из

cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*

Версия до 2.303.2 (включая)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*

Версия до 2.318 (включая)

EPSS

Процентиль: 71%

0.00664

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-284

Связанные уязвимости

GHSA-7fvj-g3wp-29g8