CVE-2020-2251

Опубликовано: 01 сент. 2020

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

Ссылки

http://www.openwall.com/lists/oss-security/2020/09/01/3
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29
http://www.openwall.com/lists/oss-security/2020/09/01/3
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:jenkins:*:*

Версия до 2.236 (исключая)

cpe:2.3:a:jenkins:soapui_pro_functional_testing:*:*:*:*:*:jenkins:*:*

Версия до 1.5 (включая)

EPSS

Процентиль: 13%

0.00042

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-q4qq-8q2r-g2f2