CVE-2022-43422: Protection Mechanism Failure

October 19, 2022

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.

References

www.openwall.com/lists/oss-security/2022/10/19/3
github.com/advisories/GHSA-2x49-wj38-78q9
nvd.nist.gov/vuln/detail/CVE-2022-43422
www.jenkins.io/security/advisory/2022-10-19/

Detect and mitigate CVE-2022-43422 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →