3 results (0.006 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2892 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. El complemento TestComplete de Jenkins en su versión 2.8.1 y anteriores no configura su analizador XML para evitar ataques de entidades externas XML (XXE). • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2741 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. Jenkins TestComplete support Plugin versiones 2.4.1 y anteriores, almacena una contraseña sin cifrar en los archivos config.xml de trabajo en el maestro de Jenkins, donde pueden ser visualizados por los usuarios con Permiso de Lectura Extendida o acceso al sistema de archivos maestro • http://www.openwall.com/lists/oss-security/2020/07/02/7 https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1686 • CWE-522: Insufficiently Protected Credentials •