Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/testcomplete-plugin
  Commit: 971003ea578a090ed9a5b9487acb9d2aa93645d3
      https://github.com/jenkinsci/testcomplete-plugin/commit/971003ea578a090ed9a5b9487acb9d2aa93645d3
  Author: osamasalem <osama.sa...@smartbear.com>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M pom.xml
    M src/main/java/com/smartbear/jenkins/plugins/testcomplete/parser/LogNodeUtils.java

  Log Message:
  -----------
  * Resolving the threat SECURITY-2741 / CVE-2023-24443

XXE vulnerability in TestComplete support Plugin
SECURITY-2741 / CVE-2023-24443
Severity (CVSS): High
Affected plugin: TestComplete
Description:
TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser 
to prevent XML external entity (XXE) attacks.

This allows attackers able to control the zip archive input file for the 
'TestComplete Test' build step to have Jenkins parse a crafted file that uses 
external entities for extraction of secrets from the Jenkins controller or 
server-side request forgery.


  Commit: 81dbc255869e76f40132d64c3ec70fbf54e0768a
      https://github.com/jenkinsci/testcomplete-plugin/commit/81dbc255869e76f40132d64c3ec70fbf54e0768a
  Author: osamasalem <osama__sa...@hotmail.com>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M pom.xml

  Log Message:
  -----------
  Update pom.xml

Co-authored-by: Mark Waite <mark.earl.wa...@gmail.com>


  Commit: cfb0fc3cd807cb72c24424cef98ce39710f2e5fb
      https://github.com/jenkinsci/testcomplete-plugin/commit/cfb0fc3cd807cb72c24424cef98ce39710f2e5fb
  Author: Filin Igor <796310+melli...@users.noreply.github.com>
  Date:   2023-02-06 (Mon, 06 Feb 2023)

  Changed paths:
    M pom.xml
    M src/main/java/com/smartbear/jenkins/plugins/testcomplete/parser/LogNodeUtils.java

  Log Message:
  -----------
  Merge pull request #10 from SmartBear/Solve-xxe-threat

* Resolving XXE threat SECURITY-2741 / CVE-2023-24443


Compare: https://github.com/jenkinsci/testcomplete-plugin/compare/194ae55ccc15...cfb0fc3cd807
