GHSA-x5gv-5rqv-654m

Source
https://github.com/advisories/GHSA-x5gv-5rqv-654m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-x5gv-5rqv-654m/GHSA-x5gv-5rqv-654m.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-x5gv-5rqv-654m
Aliases
  • CVE-2022-43427
Published
2022-10-19T19:00:18Z
Modified
2024-01-05T17:18:06.576537Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins
Details

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Database specific
{
    "nvd_published_at": "2022-10-19T16:15:00Z",
    "cwe_ids": [
        "CWE-862"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-19T21:22:17Z"
}
References

Affected packages

Maven / com.compuware.jenkins:compuware-topaz-for-total-test

Package

Name
com.compuware.jenkins:compuware-topaz-for-total-test
Purl
pkg:maven/com.compuware.jenkins/compuware-topaz-for-total-test

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.4.9

Affected versions

1.*

1.8
1.8.1
1.8.2

2.*

2.0
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2
2.1.3
2.2.0
2.2.1
2.2.2
2.2.3
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.3.10
2.3.11
2.3.12
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.7
2.4.8

Database specific

{
    "last_known_affected_version_range": "<= 2.4.8"
}