CVE-2023-24443 – org.jenkins-ci.plugins:testcomplete
Package
Manager: maven
Name: org.jenkins-ci.plugins:testcomplete
Vulnerable Version: >=0 <2.9
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00094 (percentile 0.27172)
Details
XML Entity Expansion in Jenkins TestComplete support Plugin

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Metadata
Created: 2023-01-26T21:30:18Z
Modified: 2023-02-03T20:36:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-g5mj-c26g-vmpm/GHSA-g5mj-c26g-vmpm.json
CWE IDs: ["CWE-611", "CWE-776"]
Alternative ID: GHSA-g5mj-c26g-vmpm
Finding: F083
Auto approve: 1