CVE-2022-43427

Name of the Vulnerable Software and Affected Versions Jenkins Compuware Topaz for Total Test Plugin versions 2.4.8 and earlier

Description The issue allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins due to a lack of permission checks in several HTTP endpoints.

Recommendations For versions 2.4.8 and earlier, consider restricting access to the affected HTTP endpoints until a patch is available. As a temporary workaround, review and limit the use of Overall/Read permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.