Severity
9.8 CRITICAL
EPSS
2.0%
top 16.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 26

Description

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 3 packages

🔴 Vulnerability Details

3
GHSA
XML Entity Expansion in Jenkins TestComplete support Plugin (2023-01-26)
OSV
XML Entity Expansion in Jenkins TestComplete support Plugin (2023-01-26)
CVEList
CVE-2023-24443: Jenkins TestComplete support Plugin 2 (2023-01-24)

📋 Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2023-01-24 (2023-01-24)