Description

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/09/01/3

https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29

Related Vulnerabilities

CVE-2022-45935 Vulnerability in maven package org.apache.james:james-server-data-file

CVE-2019-10288 Vulnerability in maven package de.e-nexus:jabber-server-plugin

CVE-2020-2212 Vulnerability in maven package org.jenkins-ci.plugins:github-coverage-reporter

CVE-2020-7720 Vulnerability in maven package org.webjars.npm:node-forge

CVE-2022-25926 Vulnerability in npm package window-control

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Third Party Advisory