Vulnerabilities > Jenkins > Testcomplete Support

DATE CVE VULNERABILITY TITLE RISK
2023-05-16 CVE-2023-33002 Cross-site Scripting vulnerability in Jenkins Testcomplete Support
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
2023-01-26 CVE-2023-24443 XXE vulnerability in Jenkins Testcomplete Support
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
network
low complexity
jenkins CWE-611
critical
9.8
2020-07-02 CVE-2020-2209 Insufficiently Protected Credentials vulnerability in Jenkins Testcomplete Support
Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
network
low complexity
jenkins CWE-522
4.3