Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.

Affected Packages

Maven com.compuware.jenkins:compuware-topaz-for-total-test

Affected versions: 0 (last affected: 2.4.8)

Related CVEs

CVE-2022-43429

Key Information

GHSA ID

GHSA-7fvj-g3wp-29g8

Published

October 19, 2022 7:00 PM

Last Modified

October 25, 2022 8:34 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

com.compuware.jenkins:compuware-topaz-for-total-test

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.