Description

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/01/3

https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29

Related Vulnerabilities

CVE-2020-2120 Vulnerability in maven package org.jenkins-ci.plugins:fitnesse

CVE-2020-25640 Vulnerability in maven package org.jboss.genericjms:generic-jms-ra-jar

CVE-2020-2117 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-githubnotify-step

CVE-2019-16869 Vulnerability in maven package io.netty:netty-codec-http

CVE-2023-26487 Vulnerability in maven package org.webjars.npm:vega-functions

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Third Party Advisory