CVE-2023-24443

Summary

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins TestComplete support Pluginunspecified <= 2.8.1affected
Jenkins ProjectJenkins TestComplete support Pluginnext of 2.8.1 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References