CVE-2020-2251

Published: Sep 1, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

Affected (2)

Products: Jenkins: Jenkins, Soapui Pro Functional Testing

Jenkins

2 products

Jenkins

Soapui Pro Functional Testing

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Before 2.236
Jenkins Soapui Pro Functional Testing	Up to 1.5

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

http://www.openwall.com/lists/oss-security/2020/09/01/3

Source: jenkinsci-cert@googlegroups.com

Mailing ListThird Party Advisory

https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29

Source: jenkinsci-cert@googlegroups.com

http://www.openwall.com/lists/oss-security/2020/09/01/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.