Jenkins

Compuware Topaz For Total Test

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2022-43427

  • EPSS 0.46%
  • Published 19.10.2022 16:15:11
  • Last modified 08.05.2025 19:15:55

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

5.3

CVE-2022-43428

  • EPSS 0.75%
  • Published 19.10.2022 16:15:11
  • Last modified 08.05.2025 19:15:55

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties fro...

7.5

CVE-2022-43429

  • EPSS 0.49%
  • Published 19.10.2022 16:15:11
  • Last modified 08.05.2025 19:15:55

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller ...

7.5

CVE-2022-43430

  • EPSS 0.89%
  • Published 19.10.2022 16:15:11
  • Last modified 08.05.2025 19:15:55

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.