Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Affected Packages

Maven com.compuware.jenkins:compuware-topaz-for-total-test

Affected versions: 0 (fixed in 2.4.9)

Related CVEs

CVE-2022-43427

Key Information

GHSA ID

GHSA-x5gv-5rqv-654m

Published

October 19, 2022 7:00 PM

Last Modified

October 25, 2022 8:35 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.compuware.jenkins:compuware-topaz-for-total-test

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.