XML External Entity (XXE) Injection

Jenkins TestComplete support Plugin is vulnerable to XML External Entity XXE Injection. The vulnerability is due to the XML parser not being securely configured to disable external entity processing, allowing attackers to supply crafted XML that can access local files or trigger external network...

EUVD-2023-0467

Malicious code in bioql PyPI...

CVE-2023-24443

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-33002

Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

Xxe

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-24443

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

GHSA-R32R-F6WR-CC3W Password stored in plain text by Jenkins TestComplete support Plugin

Jenkins TestComplete support Plugin prior to version 2.5.2 stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. Version 2.5.2 contains a patch for this issue...

CVE-2020-2209

Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...