Description
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.
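An audit a controller administrator could run for the exposure described above, as an added example that is not part of the advisory or the plugin's code. It assumes top-level jobs under `JENKINS_HOME/jobs/*/config.xml`, that secret-bearing elements have "password" in their tag name (a heuristic; the plugin's real element name is not given here), and that values Jenkins has encrypted appear as base64 wrapped in braces.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: an encrypted Jenkins Secret is serialized as "{<base64>}".
# Anything else in a password-like element is reported for manual review.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumption (heuristic): secret-bearing elements have "password" in the tag.
SUSPECT_TAG = re.compile(r"password", re.IGNORECASE)
# Jenkins writes an XML 1.1 declaration, which Python's expat parser rejects.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def find_plaintext_passwords(jenkins_home):
    """Return (config path, tag) for password-like elements not in Secret form.

    The secret value itself is never returned, so the report is safe to log.
    """
    findings = []
    for config in sorted(Path(jenkins_home).glob("jobs/*/config.xml")):
        text = XML_DECL.sub("", config.read_text(encoding="utf-8"), count=1)
        try:
            root = ET.fromstring(text)
        except ET.ParseError:
            findings.append((str(config), "<unparseable>"))
            continue
        for elem in root.iter():
            value = (elem.text or "").strip()
            if SUSPECT_TAG.search(elem.tag) and value and not ENCRYPTED.match(value):
                findings.append((str(config), elem.tag))
    return findings


def demo():
    """Audit a constructed JENKINS_HOME holding one plaintext and one encrypted job."""
    decl = "<?xml version='1.1' encoding='UTF-8'?>\n"
    jobs = {  # constructed tag names and values, not the plugin's real schema
        "job-plain": "<project><step><projectPassword>hunter2</projectPassword></step></project>",
        "job-encrypted": "<project><step><projectPassword>{AQAAABAAAAAQc2FtcGxlLW9ubHk=}</projectPassword></step></project>",
    }
    with tempfile.TemporaryDirectory() as home:
        for name, body in jobs.items():
            job_dir = Path(home, "jobs", name)
            job_dir.mkdir(parents=True)
            (job_dir / "config.xml").write_text(decl + body, encoding="utf-8")
        return [(Path(p).parent.name, tag) for p, tag in find_plaintext_passwords(home)]
```

Jobs inside folders sit deeper than `jobs/*/config.xml`, so the glob pattern needs widening on controllers that use them.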
Remediation
References
http://www.openwall.com/lists/oss-security/2020/09/01/3
https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%281%29