GHSA-x5gv-5rqv-654m

Source

https://github.com/advisories/GHSA-x5gv-5rqv-654m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-x5gv-5rqv-654m/GHSA-x5gv-5rqv-654m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-x5gv-5rqv-654m

Aliases

CVE-2022-43427

Published

2022-10-19T19:00:18Z

Modified

2024-02-16T08:21:53.187950Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins

Details

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-862"
    ],
    "nvd_published_at": "2022-10-19T16:15:00Z",
    "github_reviewed_at": "2022-10-19T21:22:17Z",
    "severity": "MODERATE"
}

References

Affected packages

Maven / com.compuware.jenkins:compuware-topaz-for-total-test

Package

Name: com.compuware.jenkins:compuware-topaz-for-total-test; View open source insights on deps.dev
Purl: pkg:maven/com.compuware.jenkins/compuware-topaz-for-total-test

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.9

Affected versions

1.*

1.8

1.8.1

1.8.2

2.*

2.0

2.0.1

2.0.2

2.1.0

2.1.1

2.1.2

2.1.3

2.2.0

2.2.1

2.2.2

2.2.3

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.3.10

2.3.11

2.3.12

2.4.1

2.4.2

2.4.3

2.4.4

2.4.5

2.4.7

2.4.8

Database specific

last_known_affected_version_range

"<= 2.4.8"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-x5gv-5rqv-654m/GHSA-x5gv-5rqv-654m.json"