CVE-2022-43427
Description
Jenkins Compuware Topaz for Total Test Plugin ≤2.4.8 lacks permission checks in HTTP endpoints, allowing attackers with Overall/Read to enumerate stored credential IDs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Overview
CVE-2022-43427 describes a missing permission check in the Jenkins Compuware Topaz for Total Test Plugin, versions 2.4.8 and earlier. Several HTTP endpoints in the plugin process requests without any authorization check. This is a classic authorization bypass in a Jenkins plugin: endpoints that should require administrative or item-configure permission are left unprotected [1][3].
Exploitation
Exploitation requires only Overall/Read, the permission typically held by every authenticated user, including read-only accounts. The affected endpoints are the form-filling methods doFillConnectionIdItems, doFillCredentialsIdItems, doFillServerUrlItems and doFillServerCredentialsIdItems in TotalTestBuilder and TotalTestCTBuilder [4]. Before the fix none of them checked the caller's rights. The two credentials methods look up StandardUsernamePasswordCredentials as ACL.SYSTEM, so the list they return reflects everything Jenkins can resolve for the item rather than anything the caller is entitled to use; the connection and server-URL methods read the plugin's global configuration [4]. The fix adds the check that was missing: Jenkins.get().checkPermission(Jenkins.ADMINISTER) when the endpoint is reached without a project context (global configuration), and project.checkPermission(Item.CONFIGURE) otherwise [4].
Impact
An attacker with Overall/Read can enumerate the IDs of username/password credentials stored in Jenkins (the lookup is for StandardUsernamePasswordCredentials [4]) and, through the connection and server-URL endpoints, the host connections and server URLs held in the plugin's global configuration [4]. The credential secrets themselves (passwords or keys) are not exposed, but credential IDs are a useful stepping stone: they can be supplied to other plugin endpoints or referenced by ID in pipeline scripts, where a second weakness may turn an ID into the secret. The disclosure therefore weakens the overall security posture of the Jenkins instance [2].
Remediation
The issue is fixed in version 2.4.9 of the Compuware Topaz for Total Test Plugin [1]. The fix adds a permission check to each affected doFill method: Jenkins.ADMINISTER when there is no project context and Item.CONFIGURE when there is one, before any credential or configuration data is returned [4]. Upgrade to 2.4.9 or later. No workaround exists for older versions; since Overall/Read is the only prerequisite, the only interim measure is limiting who holds that permission, which reduces exposure but does not fix the endpoints.
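The pattern the fix relies on, shown as an added example that is not the plugin's own code: the unchecked shape of a credentials-filling endpoint (the CVE-2022-43427 condition) beside a hardened version written the way the Jenkins form-validation and credentials-consumer guidance recommends. The class `ExampleBuilder`, its descriptor and the `doFillCredentialsIdItemsUnchecked` method name are illustrative; the example assumes the credentials plugin's `StandardListBoxModel` and the Acegi-typed `ACL.SYSTEM` that the patch itself uses.

```java
// Added example, not code from the compuware-topaz-for-total-test plugin.
// Class, descriptor and the "...Unchecked" method name are illustrative.
package example;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.ListBoxModel;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;

import java.util.Collections;

public class ExampleBuilder extends Builder {

    @Extension
    public static class DescriptorImpl extends BuildStepDescriptor<Builder> {

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        // BEFORE (the CVE-2022-43427 shape): no authorization check at all.
        // The lookup runs as ACL.SYSTEM, so any caller who can reach the URL
        // (Overall/Read suffices) is handed the ID of every matching credential
        // Jenkins can resolve for this item, regardless of the caller's own rights.
        public ListBoxModel doFillCredentialsIdItemsUnchecked(@AncestorInPath Item project,
                                                              @QueryParameter String credentialsId) {
            ListBoxModel model = new ListBoxModel();
            for (StandardUsernamePasswordCredentials c : CredentialsProvider.lookupCredentials(
                    StandardUsernamePasswordCredentials.class, project, ACL.SYSTEM,
                    Collections.<DomainRequirement>emptyList())) {
                model.add(c.getId(), c.getId());
            }
            return model;
        }

        // AFTER: gate on the permission appropriate to the context. Unlike the
        // checkPermission() form in the patch, which throws and makes the select
        // control fail for anyone lacking the right, this returns a model holding
        // only the already-configured value, so the form still renders and the
        // saved credentialsId is not silently dropped on the next save.
        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item project,
                                                     @QueryParameter String credentialsId) {
            StandardListBoxModel result = new StandardListBoxModel();
            if (project == null) {
                // Global configuration: only administrators may list credentials.
                if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                    return result.includeCurrentValue(credentialsId);
                }
            } else if (!project.hasPermission(Item.CONFIGURE)) {
                // Per-job configuration: same permission the patch enforces.
                return result.includeCurrentValue(credentialsId);
            }
            // The gate above is what makes the ACL.SYSTEM lookup safe to run.
            return result
                    .includeEmptyValue()
                    .includeMatchingAs(ACL.SYSTEM, project,
                            StandardUsernamePasswordCredentials.class,
                            Collections.<DomainRequirement>emptyList(),
                            CredentialsMatchers.always())
                    .includeCurrentValue(credentialsId);
        }
    }
}
```

The important design point is the ordering: the permission decision has to precede the `ACL.SYSTEM` lookup, because that lookup deliberately ignores the caller's identity. Returning `includeCurrentValue(credentialsId)` rather than throwing is the behaviour Jenkins recommends for form-filling endpoints; the patch's `checkPermission` calls are equally effective at closing the enumeration, they just fail the control instead of degrading it.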
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.compuware.jenkins:compuware-topaz-for-total-test (Maven) | < 2.4.9 | 2.4.9 |
Affected products
- Range: unspecified
Patches
0ba4274d545e SECURITY-2624: Missing permission check (#51)
2 files changed · +39 −4
src/main/java/com/compuware/jenkins/totaltest/TotalTestBuilder.java+14 −1 modified@@ -2,7 +2,7 @@ * The MIT License (MIT) * * Copyright (c) 2015 - 2020 Compuware Corporation - * + * (c) Copyright 2020 - 2022 BMC Software, Inc. * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, * modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the @@ -798,6 +798,13 @@ public FormValidation doCheckCredentialsId(@QueryParameter final String value) public ListBoxModel doFillConnectionIdItems(@AncestorInPath Jenkins context, @QueryParameter String connectionId, @AncestorInPath Item project) { + + if (project == null) { + Jenkins.get().checkPermission(Jenkins.ADMINISTER); + } else { + project.checkPermission(Item.CONFIGURE); + } + CpwrGlobalConfiguration globalConfig = CpwrGlobalConfiguration.get(); HostConnection[] hostConnections = globalConfig.getHostConnections(); @@ -856,6 +863,12 @@ public ListBoxModel doFillCcPgmTypeItems(@AncestorInPath Jenkins context, @Query */ public ListBoxModel doFillCredentialsIdItems(@AncestorInPath final Jenkins context, @QueryParameter final String credentialsId, @AncestorInPath final Item project) { + if (project == null) { + Jenkins.get().checkPermission(Jenkins.ADMINISTER); + } else { + project.checkPermission(Item.CONFIGURE); + } + List<StandardUsernamePasswordCredentials> creds = CredentialsProvider .lookupCredentials(StandardUsernamePasswordCredentials.class, project, ACL.SYSTEM, Collections.<DomainRequirement> emptyList());
src/main/java/com/compuware/jenkins/totaltest/TotalTestCTBuilder.java+25 −3 modified@@ -2,7 +2,7 @@ * The MIT License (MIT) * * Copyright (c) 2019-2020 Compuware Corporation - * (c) Copyright 2019-2020 BMC Software, Inc. + * (c) Copyright 2019-2020, 2022 BMC Software, Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, @@ -1534,6 +1534,12 @@ public FormValidation doCheckEnvironmentRadio(@QueryParameter String value) public ListBoxModel doFillConnectionIdItems(@AncestorInPath Jenkins context, @QueryParameter String connectionId, @AncestorInPath Item project) { + if (project == null) { + Jenkins.get().checkPermission(Jenkins.ADMINISTER); + } else { + project.checkPermission(Item.CONFIGURE); + } + CpwrGlobalConfiguration globalConfig = CpwrGlobalConfiguration.get(); HostConnection[] hostConnections = globalConfig.getHostConnections(); @@ -1644,6 +1650,11 @@ public FormValidation doCheckAccountInfo(@QueryParameter final String value) public ListBoxModel doFillCredentialsIdItems(@AncestorInPath final Jenkins context, //NOSONAR @QueryParameter final String credentialsId, @AncestorInPath final Item project) { + if (project == null) { + Jenkins.get().checkPermission(Jenkins.ADMINISTER); + } else { + project.checkPermission(Item.CONFIGURE); + } List<StandardUsernamePasswordCredentials> creds = CredentialsProvider.lookupCredentials( StandardUsernamePasswordCredentials.class, project, ACL.SYSTEM, Collections.<DomainRequirement> emptyList()); 
@@ -1678,9 +1689,14 @@ public ListBoxModel doFillCredentialsIdItems(@AncestorInPath final Jenkins conte * @return serverUrl selections * */ - public ListBoxModel doFillServerUrlItems(@QueryParameter String serverUrl) + public ListBoxModel doFillServerUrlItems(@QueryParameter String serverUrl,@AncestorInPath final Item project) { - + if (project == null) { + Jenkins.get().checkPermission(Jenkins.ADMINISTER); + } else { + project.checkPermission(Item.CONFIGURE); + } + ListBoxModel model = new ListBoxModel(); model.add(new Option("", "", false)); //$NON-NLS-1$ //$NON-NLS-2$ CpwrGlobalConfiguration globalConfig = CpwrGlobalConfiguration.get(); @@ -1740,6 +1756,12 @@ public ListBoxModel doFillServerUrlItems(@QueryParameter String serverUrl) public ListBoxModel doFillServerCredentialsIdItems(@AncestorInPath final Jenkins context, //NOSONAR @QueryParameter final String serverCredentialsId, @AncestorInPath final Item project) { + if (project == null) { + Jenkins.get().checkPermission(Jenkins.ADMINISTER); + } else { + project.checkPermission(Item.CONFIGURE); + } + List<StandardUsernamePasswordCredentials> creds = CredentialsProvider.lookupCredentials( StandardUsernamePasswordCredentials.class, project, ACL.SYSTEM, Collections.<DomainRequirement> emptyList());
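Review bot: In the TotalTestBuilder `doFillCredentialsIdItems` hunk (@@ -856,6 +863,12 @@) the added check gates the endpoint, but the `CredentialsProvider.lookupCredentials(..., project, ACL.SYSTEM, ...)` call on the following lines still runs as SYSTEM, so every caller who passes the Item.CONFIGURE test receives the full list Jenkins can resolve for that item rather than the subset the caller may use. That is acceptable for a configure-level gate, but it deserves a comment saying the gate is what makes the SYSTEM lookup safe. Separately, the `@AncestorInPath final Jenkins context` parameter is now dead: the new check calls `Jenkins.get()` instead of `context`. Either write `context.checkPermission(Jenkins.ADMINISTER)` or drop the parameter.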
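Review bot: In the `doFillServerUrlItems` hunk (@@ -1678,9 +1689,14 @@) widening the signature to `(@QueryParameter String serverUrl,@AncestorInPath final Item project)` is the right call, since the check cannot distinguish the global and per-job cases without the Item, but this is the fifth verbatim copy of the same `if (project == null) { ... } else { ... }` block across the two builders, and the copy in this file's `doFillCredentialsIdItems` already differs from the others by lacking the trailing blank line. Factor it into one helper, for example `private static void checkConfigurePermission(@CheckForNull Item project)`, so that a later policy change (such as accepting Item.EXTENDED_READ for viewers) lands in one place instead of six. A space after the comma in the new parameter list would also match the surrounding style.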
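Review bot: In the TotalTestBuilder `doFillConnectionIdItems` hunk (@@ -798,6 +798,13 @@) `checkPermission` throws when the caller lacks the right, so a user who can view the job configuration without Item.CONFIGURE (for example via Item.EXTENDED_READ) now gets an error from the select control rather than the connection list, and the stored `connectionId` is not preserved on render. If that is the intended behaviour, state it in the method's Javadoc; otherwise the usual Jenkins form-filling pattern is `hasPermission` plus returning a `ListBoxModel` containing only the current `connectionId`, which closes the enumeration without breaking the form for read-only viewers.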
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. github.com/advisories/GHSA-x5gv-5rqv-654m (GitHub Security Advisory)
2. nvd.nist.gov/vuln/detail/CVE-2022-43427 (NVD)
3. www.openwall.com/lists/oss-security/2022/10/19/3 (oss-security mailing list)
4. github.com/jenkinsci/compuware-topaz-for-total-test-plugin/commit/0ba4274d545eac39e3db48b5dfb4512db3242946 (fix commit)
5. www.jenkins.io/security/advisory/2022-10-19/ (Jenkins security advisory)