3 matches found
CVE-2023-24443
CVE-2023-24443 concerns Jenkins TestComplete support Plugin, version 2.8.1 and earlier, where the XML parser is not configured to prevent XML external entity (XXE) attacks. The vulnerability is described as high-severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; base score 9.8). The issue i...
CVE-2020-2209
CVE-2020-2209 affects CloudBees Jenkins TestComplete support Plugin versions 2.4.1 and earlier. The issue stems from storing passwords unencrypted in job config.xml on the Jenkins master, allowing access by users with Extended Read permission or direct master filesystem access. Remediation per mu...
CVE-2023-33002
CVE-2023-33002 affects Jenkins TestComplete support Plugin (versions 2.8.1 and earlier). The root cause is that the plugin does not escape the TestComplete project name in its test result page, enabling stored XSS. Impact is limited to attackers with Item/Configure permission who can exploit the ...