Description

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

Remediation

References

CVE-2020-2251

Related Vulnerabilities

Oracle Database Server CVE-2010-0903 Vulnerability (CVE-2010-0903)

IBM WebSEAL Improper Input Validation Vulnerability (CVE-2019-4036)

WordPress Plugin SEO SearchTerms Tagging 2 Multiple Vulnerabilities (1.535)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-45473)

Drupal Improper Removal of Sensitive Information Before Storage or Transfer Vulnerability (CVE-2022-31043)

Severity

Medium

Classification

CVE-2020-2251 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities