6 matches found
EUVD-2023-0467
Malicious code in bioql PyPI...
CVE-2023-33002
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Xxe
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-24443
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
GHSA-R32R-F6WR-CC3W Password stored in plain text by Jenkins TestComplete support Plugin
Jenkins TestComplete support Plugin prior to version 2.5.2 stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. Version 2.5.2 contains a patch for this issue...
CVE-2020-2209
Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...