WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-2250 Vulnerability in maven package org.jenkins-ci.plugins:soapui-pro-functional-testing

Description

Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/01/3

https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%281%29

Related Vulnerabilities

CVE-2020-36618 Vulnerability in npm package whois

CVE-2021-21342 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2019-10744 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash

CVE-2015-8862 Vulnerability in maven package org.webjars.bower:mustache

CVE-2022-2047 Vulnerability in maven package org.eclipse.jetty:jetty-http

Severity

High

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory