Identifier

CVE-2020-2250

Package Slug

maven/org.jenkins-ci.plugins/soapui-pro-functional-testing

Vulnerability

Missing Encryption of Sensitive Data

Description

Jenkins SoapUI Pro Functional Testing Plugin stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.

Affected Versions

All versions up to 1.3

Solution

Upgrade to version 1.4 or above.

Last Modified

2020-09-07

source