WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-2250 Vulnerability in maven package org.jenkins-ci.plugins:soapui-pro-functional-testing

Description

Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/01/3

https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%281%29

Related Vulnerabilities

CVE-2020-6458 Vulnerability in npm package electron

CVE-2022-43402 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-cps

CVE-2022-36885 Vulnerability in maven package com.coravy.hudson.plugins.github:github

CVE-2015-8856 Vulnerability in npm package serve-index

CVE-2022-24846 Vulnerability in maven package org.geowebcache:gwc-diskquota-jdbc

Severity

High

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory