Description

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/01/3

https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29

Related Vulnerabilities

CVE-2020-8268 Vulnerability in npm package json8-merge-patch

CVE-2018-1000665 Vulnerability in maven package org.webjars.bowergithub.dojo:dojo

CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty:jetty-util

CVE-2023-22621 Vulnerability in npm package @strapi/plugin-users-permissions

CVE-2018-11804 Vulnerability in maven package org.apache.spark:spark-core

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Third Party Advisory