Description
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2624
Related Vulnerabilities
CVE-2021-41411 Vulnerability in maven package org.drools:drools-core
CVE-2023-46604 Vulnerability in maven package org.apache.activemq:activemq-client
CVE-2020-5497 Vulnerability in maven package org.mitre:openid-connect-common
CVE-2016-2510 Vulnerability in maven package org.apache-extras.beanshell:bsh
CVE-2021-21626 Vulnerability in maven package io.jenkins.plugins:warnings-ng