MSTest Plugin
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-24441 | | | 0.00 | — | 0.02 | | Jan 24, 2023 | Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-41243 | | | 0.00 | — | 0.00 | | Sep 21, 2022 | Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. |
| CVE-2020-2273 | | | 0.00 | — | 0.00 | | Sep 16, 2020 | A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2020-2274 | | | 0.00 | — | 0.00 | | Sep 16, 2020 | Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. |
| CVE-2020-2272 | | | 0.00 | — | 0.00 | | Sep 16, 2020 | A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2020-2129 | | | 0.00 | — | 0.00 | | Feb 12, 2020 | Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. |