BIT-JENKINS-2020-2251

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...

GHSA-Q4QQ-8Q2R-G2F2 Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin

ReadyAPI Functional Testing Plugin stores project passwords in job config.xml files on the Jenkins controller as part of its configuration. While these passwords are stored encrypted on disk since ReadyAPI Functional Testing Plugin 1.4, they are transmitted in plain text as part of the global...

Design/Logic Flaw

Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

CVE-2020-2251

CVE-2020-2251 affects the Jenkins SoapUI Pro Functional Testing Plugin (versions up to 1.5). The issue, described in multiple sources, is that project passwords are transmitted in plain text as part of job configuration forms within the plugin, creating a potential information disclosure risk. Se...

CVE-2020-2250

CVE-2020-2250 affects Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier. The underlying issue is that project passwords are stored unencrypted in job config.xml files on the Jenkins controller, enabling disclosure when an attacker has Extended Read permission or file-system access to t...