CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43422
https://notcve.org/view.php?id=CVE-2022-43422
19 Oct 2022 — Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. Jenkins Compuware Topaz Utilities Plugin versiones 1.0.8 y anteriores, implementan un mensaje de agent/controller que no limita dónde puede ser ejecutado, permitiendo a atacantes capaces de controlar los procesos del agente obtener l... • http://www.openwall.com/lists/oss-security/2022/10/19/3 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36895
https://notcve.org/view.php?id=CVE-2022-36895
27 Jul 2022 — A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Una falta de comprobación de permisos en Jenkins Compuware Topaz Utilities Plugin versiones 1.0.8 y anteriores, permite a atacantes con permiso Overall/Read enumerar los hosts y puertos de las configuraciones de Compuware y los IDs de las credenciales almacenadas en... • http://www.openwall.com/lists/oss-security/2022/07/27/1 • CWE-862: Missing Authorization •