All the vulnerabilites related to jenkins - soapui_pro_functional_testing
Vulnerability from fkie_nvd
Published
2020-09-01 14:15
Modified
2024-11-21 05:25
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.
References
jenkinsci-cert@googlegroups.comhttp://www.openwall.com/lists/oss-security/2020/09/01/3Mailing List, Third Party Advisory
jenkinsci-cert@googlegroups.comhttps://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/09/01/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29
Impacted products
Vendor Product Version
jenkins jenkins *
jenkins soapui_pro_functional_testing *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "912F0FF7-DFF5-40D3-AC32-5EE4F7383C35",
              "versionEndExcluding": "2.236",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:soapui_pro_functional_testing:*:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "E85194F7-BFAC-4F65-A82C-7470A2B43E20",
              "versionEndIncluding": "1.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure."
    },
    {
      "lang": "es",
      "value": "Jenkins SoapUI Pro Functional Testing Plugin versiones 1.5 y anteriores, transmite contrase\u00f1as del proyecto dentro de su configuraci\u00f3n en texto plano como parte de los formularios de configuraci\u00f3n del trabajo, resultando potencialmente en su exposici\u00f3n"
    }
  ],
  "id": "CVE-2020-2251",
  "lastModified": "2024-11-21T05:25:05.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-01T14:15:13.487",
  "references": [
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
    },
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29"
    }
  ],
  "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-01 14:15
Modified
2024-11-21 05:25
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.
References
jenkinsci-cert@googlegroups.comhttp://www.openwall.com/lists/oss-security/2020/09/01/3Mailing List, Third Party Advisory
jenkinsci-cert@googlegroups.comhttps://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%281%29
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/09/01/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%281%29
Impacted products
Vendor Product Version
jenkins soapui_pro_functional_testing *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:soapui_pro_functional_testing:*:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "97100215-06DF-4210-8477-3986EA8F3C74",
              "versionEndIncluding": "1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system."
    },
    {
      "lang": "es",
      "value": "Jenkins SoapUI Pro Functional Testing Plugin versiones 1.3 y anteriores, almacenan contrase\u00f1as de proyectos sin cifrar en archivos config.xml de trabajo en el controlador de Jenkins, donde pueden ser visualizadas por los atacantes con permiso de Lectura Extendido o acceder al sistema de archivos del controlador de Jenkins"
    }
  ],
  "id": "CVE-2020-2250",
  "lastModified": "2024-11-21T05:25:05.533",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-01T14:15:13.363",
  "references": [
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
    },
    {
      "source": "jenkinsci-cert@googlegroups.com",
      "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%281%29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%281%29"
    }
  ],
  "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2020-2250
Vulnerability from cvelistv5
Published
2020-09-01 13:50
Modified
2024-08-04 07:01
Severity ?
Summary
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.
References
https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%281%29x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2020/09/01/3mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:01:41.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%281%29"
          },
          {
            "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins SoapUI Pro Functional Testing Plugin",
          "vendor": "Jenkins project",
          "versions": [
            {
              "lessThanOrEqual": "1.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T16:07:51.801Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%281%29"
        },
        {
          "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2020-2250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jenkins SoapUI Pro Functional Testing Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jenkins project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-256: Unprotected Storage of Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20(1)",
              "refsource": "CONFIRM",
              "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20(1)"
            },
            {
              "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2020-2250",
    "datePublished": "2020-09-01T13:50:35",
    "dateReserved": "2019-12-05T00:00:00",
    "dateUpdated": "2024-08-04T07:01:41.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2251
Vulnerability from cvelistv5
Published
2020-09-01 13:50
Modified
2024-08-04 07:01
Severity ?
Summary
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.
References
https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2020/09/01/3mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:01:41.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29"
          },
          {
            "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins SoapUI Pro Functional Testing Plugin",
          "vendor": "Jenkins project",
          "versions": [
            {
              "lessThanOrEqual": "1.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "next of 1.5",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T16:07:53.003Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29"
        },
        {
          "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2020-2251",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jenkins SoapUI Pro Functional Testing Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.5"
                          },
                          {
                            "version_affected": "?\u003e",
                            "version_value": "1.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jenkins project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-319: Cleartext Transmission of Sensitive Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20(2)",
              "refsource": "CONFIRM",
              "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20(2)"
            },
            {
              "name": "[oss-security] 20200901 Multiple vulnerabilities in Jenkins plugins",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/09/01/3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2020-2251",
    "datePublished": "2020-09-01T13:50:35",
    "dateReserved": "2019-12-05T00:00:00",
    "dateUpdated": "2024-08-04T07:01:41.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}