Description
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624
Related Vulnerabilities
CVE-2022-45392 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration
CVE-2022-31142 Vulnerability in npm package fastify-bearer-auth
CVE-2019-15600 Vulnerability in npm package http_server
CVE-2019-10759 Vulnerability in npm package safer-eval
CVE-2017-12612 Vulnerability in maven package org.apache.spark:spark-core_2.11