CVE-2022-43429
Description
Jenkins Compuware Topaz for Total Test Plugin allows attackers with agent control to read arbitrary files on the controller via unrestricted message execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Description
The Jenkins Compuware Topaz for Total Test Plugin implements an agent/controller message that does not restrict where it can be executed. This allows the message to be processed on the controller even when sent from an agent, leading to arbitrary file read capabilities [1][2].
Exploitation
An attacker must have control over an agent process, such as by compromising an agent or having the ability to run builds on an agent. By sending a specially crafted message to the controller, the attacker can read arbitrary files from the Jenkins controller's file system [1].
Impact
Successful exploitation allows the attacker to read sensitive files on the controller, including Jenkins secrets, credentials, and configuration files. This can lead to further compromise of the Jenkins environment [2].
Mitigation
The vulnerability is fixed in Compuware Topaz for Total Test Plugin version 2.4.9. Users should upgrade immediately as no workaround is available [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.compuware.jenkins:compuware-topaz-for-total-test (Maven) | <= 2.4.8 | — |
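To check a controller against the affected range in the table above and the fixed version 2.4.9 named under Mitigation, the following added example (not code from the advisory or the plugin) reads each installed plugin archive's manifest and flags the plugin when its version is below 2.4.9. It assumes the plugin's `Short-Name` manifest attribute equals the Maven artifactId shown on this page; the function names are illustrative.

```python
import re
import sys
import zipfile
from pathlib import Path

# Assumption: the plugin's Short-Name equals the Maven artifactId listed on this page.
PLUGIN_ID = "compuware-topaz-for-total-test"
FIXED = (2, 4, 9)  # fixed release per the Mitigation text; <= 2.4.8 is affected

def parse_version(text):
    """Leading dotted-numeric part of a Plugin-Version value, as an int tuple."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def read_manifest(archive):
    """Main attributes of META-INF/MANIFEST.MF, with continuation lines joined."""
    with zipfile.ZipFile(archive) as zf:
        raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    attrs, key = {}, None
    for line in raw.splitlines():
        if not line:
            break  # the main section ends at the first blank line
        if line.startswith(" ") and key:
            attrs[key] += line[1:]  # continuation of the previous value
        elif ":" in line:
            key, _, value = line.partition(":")
            attrs[key] = value.lstrip(" ")
    return attrs

def is_vulnerable(archive):
    """True/False for the Topaz for Total Test plugin, None for any other plugin."""
    attrs = read_manifest(archive)
    if attrs.get("Short-Name") != PLUGIN_ID:
        return None
    return parse_version(attrs.get("Plugin-Version", "")) < FIXED

def scan(plugins_dir):
    """Map each matching .jpi/.hpi file name in plugins_dir to its vulnerable flag."""
    found = {}
    for path in sorted(Path(plugins_dir).glob("*.[jh]pi")):
        verdict = is_vulnerable(path)
        if verdict is not None:
            found[path.name] = verdict
    return found

if __name__ == "__main__":
    for name, bad in scan(sys.argv[1]).items():
        print(name, "AFFECTED (<= 2.4.8)" if bad else "ok (>= 2.4.9)")
```

Run it with the controller's plugin directory (typically `$JENKINS_HOME/plugins`) as the only argument; an empty result means the plugin is not installed.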
Affected products
- Range: unspecified
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-7fvj-g3wp-29g8 (source: ghsa; type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-43429 (source: ghsa; type: ADVISORY)
- www.openwall.com/lists/oss-security/2022/10/19/3 (source: ghsa; type: mailing-list, WEB)
- www.jenkins.io/security/advisory/2022-10-19/ (source: ghsa; type: WEB)