PT-2022-26912 · Compuware+1 · Jenkins Compuware Topaz For Total Test Plugin+1

Published 2022-10-19 · Updated 2025-05-08 · CVE-2022-43428

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins Compuware Topaz for Total Test Plugin versions 2.4.8 and earlier

Description

The issue allows attackers who can control agent processes to obtain the values of Java system properties from the Jenkins controller process due to an agent/controller message that does not limit where it can be executed. These vulnerabilities are only exploitable in certain versions of Jenkins.

Recommendations

For Jenkins Compuware Topaz for Total Test Plugin versions 2.4.8 and earlier, update the plugin to a version later than 2.4.8 to resolve the issue. For Jenkins 2.318 and earlier, LTS 2.303.2 and earlier, upgrade to a newer version, such as Jenkins LTS 2.303.3 or later, following the LTS upgrade guide.

Fix

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

CVE-2022-43428
GHSA-XP3R-9WX8-Q2MM

Affected Products

Jenkins
Jenkins Compuware Topaz For Total Test Plugin