GHSA-ccwp-633j-g29v

Source
https://github.com/advisories/GHSA-ccwp-633j-g29v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-ccwp-633j-g29v/GHSA-ccwp-633j-g29v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-ccwp-633j-g29v
Aliases
Published
2022-05-24T17:27:07Z
Modified
2024-02-16T08:22:59.065547Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Details

ReadyAPI Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files as part of its configuration. These project passwords can be viewed by attackers with Extended Read permission or access to the Jenkins controller file system.

ReadyAPI Functional Testing Plugin 1.4 stores project passwords encrypted once affected job configurations are saved again.

Database specific
{
    "nvd_published_at": "2020-09-01T14:15:00Z",
    "cwe_ids": [
        "CWE-256",
        "CWE-311"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-20T22:10:51Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:soapui-pro-functional-testing

Package

Name
org.jenkins-ci.plugins:soapui-pro-functional-testing
Purl
pkg:maven/org.jenkins-ci.plugins/soapui-pro-functional-testing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.4

Affected versions

1.*

1.0
1.1
1.2
1.3

Database specific

{
    "last_known_affected_version_range": "<= 1.3"
}