Description

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/01/3

https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29

Related Vulnerabilities

CVE-2019-15608 Vulnerability in maven package org.webjars.npm:yarn

CVE-2022-43183 Vulnerability in maven package com.xuxueli:xxl-job-core

CVE-2019-10785 Vulnerability in maven package org.webjars.npm:dojox

CVE-2019-0199 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2019-16562 Vulnerability in maven package org.jenkins-ci.plugins:buildgraph-view

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Third Party Advisory