Jenkins Project Jenkins Testcomplete Support Plugin vulnerabilities
3 known vulnerabilities affecting jenkins_project/jenkins_testcomplete_support_plugin.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2
Vulnerabilities
CVE-2023-33002 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 2.8.1 | 2023-05-16
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
cvelistv5, nvd
CVE-2023-24443 | CRITICAL | CVSS 9.8 | CWE-611 | ≥ unspecified, ≤ 2.8.1 | 2023-01-26
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
cvelistv5, nvd
CVE-2020-2209 | MEDIUM | CVSS 4.3 | CWE-522 | ≥ unspecified, ≤ 2.4.1 | 2020-07-02
Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
cvelistv5, nvd