CVE-2022-43428: Protection Mechanism Failure

October 19, 2022 (updated October 20, 2022)

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

References

www.openwall.com/lists/oss-security/2022/10/19/3
github.com/advisories/GHSA-xp3r-9wx8-q2mm
nvd.nist.gov/vuln/detail/CVE-2022-43428
www.jenkins.io/security/advisory/2022-10-19/

Code Behaviors & Features

Detect and mitigate CVE-2022-43428 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →