-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:soapui-pro-functional-testing | maven | <= 1.3 | 1.4 |
JavaJavaMiggo AIRoot Cause AnalysisThe vulnerability stems from improper handling of sensitive data in configuration persistence. Jenkins plugins typically use XStream serialization and the Secret class for credentials. The functions responsible for (1) configuring plugin settings (ProPluginImpl#configure) and (2) exposing password values (ProBuilder#getPassword) would directly control how passwords are stored. The CWE-256/CWE-311 alignment confirms plaintext storage patterns, and the fix in v1.4 implies encryption was added to these configuration pathways.
Ongoing coverage of React2Shell