Description

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

Remediation

References

CVE-2020-2251

Related Vulnerabilities

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.10)

WordPress Plugin Custom Sidebars-Dynamic Widget Area Manager Cross-Site Scripting (2.1.0.1)

WordPress Plugin Login as User or Customer Cross-Site Request Forgery (1.9)

Oracle JRE CVE-2013-2435 Vulnerability (CVE-2013-2435)

Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-12629)

Severity

Medium

Classification

CVE-2020-2251 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities