Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14NWd2LTVycXYtNjU0bc4AAvdH
Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Permalink: https://github.com/advisories/GHSA-x5gv-5rqv-654m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14NWd2LTVycXYtNjU0bc4AAvdH
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 4 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-x5gv-5rqv-654m, CVE-2022-43427
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-43427
- https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2623
- http://www.openwall.com/lists/oss-security/2022/10/19/3
- https://github.com/jenkinsci/compuware-topaz-for-total-test-plugin/commit/0ba4274d545eac39e3db48b5dfb4512db3242946
- https://github.com/advisories/GHSA-x5gv-5rqv-654m
Blast Radius: 1.0
Affected Packages
maven:com.compuware.jenkins:compuware-topaz-for-total-test
Affected Version Ranges: <= 2.4.8
Fixed in: 2.4.9