CVE-2020-2251
MEDIUM 4.3
EPSS 0.04%
Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
Published: 5/24/2022
Modified: 4/3/2025
Description
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.
Affected packages (2)
- Bitnami/jenkins: from 0, < 2.236.0
- Maven/org.jenkins-ci.plugins:soapui-pro-functional-testing: from 0, < 1.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-2251
- PATCH: https://github.com/jenkinsci/soapui-pro-functional-testing-plugin
- WEB: https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20(2)
- WEB: https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29
- WEB: http://www.openwall.com/lists/oss-security/2020/09/01/3