Advisories for Maven/Org.jenkins-Ci.plugins/TestComplete package

2023

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

XML Entity Expansion in Jenkins TestComplete support Plugin

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

2020

Insufficiently Protected Credentials

Jenkins TestComplete support Plugin stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.