22 matches found
EUVD-2022-3564
Malicious code in bioql PyPI...
Insufficiently Protected Credentials
Overview org.jenkins-ci.plugins:soapui-pro-functional-testing is a plugin used to run SoapUI Pro tests from Jenkins builds. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the job configuration form, where SLM License Access Keys, client secrets, and...
CVE-2020-2250
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
CVE-2020-2251
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...
CVE-2020-12835
An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network...
BIT-JENKINS-2020-2251
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...
SUSE CVE-2020-2250
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
SUSE CVE-2020-2251
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-51385)
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-51386)
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...
CVE-2020-2250
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
CVE-2020-2250
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
CVE-2020-2251
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...
CVE-2020-2251
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...
Design/Logic Flaw
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
CVE-2020-2251
CVE-2020-2251 affects the Jenkins SoapUI Pro Functional Testing Plugin (versions up to 1.5). The issue, described in multiple sources, is that project passwords are transmitted in plain text as part of job configuration forms within the plugin, creating a potential information disclosure risk. Se...
CVE-2020-2250
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
CVE-2020-2251
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...
PT-2020-15475 · Smartbear +2 · Readyapi Functional Testing Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins SoapUI Pro Functional Testing Plugin versions 1.5 and earlier ReadyAPI Functional Testing Plugin versions 1.5 and earlier Jenkins versions prior to 2.236, including 2.235.x LTS Description: The issue concerns the transmission of proje...
CVE-2020-12835
An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network...