Home

CVE-2020-2250

Description

Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.226

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2020-2250 are fixed in Jenkins - soapui-pro-functional-testing 1.4Windows
Vulnerabilities CVE-2020-2250 are fixed in Jenkins - soapui-pro-functional-testing for Linux 1.4Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234