1262 matches found
CVE-2025-53670
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-3780
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfmredirecttosetup function in all versions up to, and including, 6.7.16. This makes i...
The vulnerability of the QMetry Test Management plugin for Jenkins’ automation server lies in the fact that the API keys of Qmetry Automation are stored publicly, allowing an attacker to gain unauthorized access to the protected information.
The vulnerability of the QMetry Test Management plugin for the Jenkins automation server lies in the fact that API keys from Qmetry Automation are stored publicly in the config.xml file. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the QMetry Test Management plugin for Jenkins’ automation server lies in the fact that the API keys of Qmetry Automation are stored publicly, allowing an attacker to gain unauthorized access to the protected information.
The vulnerability of the QMetry Test Management plugin for the Jenkins server relates to the storage of Qmetry Automation API keys in an open manner within the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
Jenkins plugins Multiple Vulnerabilities (2025-07-09)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller,...
Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users
Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
GHSA-Q92V-3F4W-5XG8 Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users
Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
GHSA-8WP4-R84G-GCMW Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form
Jenkins Testsigma Test Plan run Plugin stores Testsigma API keys in job config.xml files on the Jenkins controller as part of its configuration. While these API keys are stored encrypted on disk, in Testsigma Test Plan run Plugin 1.6 and earlier, the job configuration form does not mask these API...
Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form
Jenkins Testsigma Test Plan run Plugin stores Testsigma API keys in job config.xml files on the Jenkins controller as part of its configuration. While these API keys are stored encrypted on disk, in Testsigma Test Plan run Plugin 1.6 and earlier, the job configuration form does not mask these API...
GHSA-P9GH-RPJW-78QG Jenkins QMetry Test Management Plugin stores unencrypted API keys
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins QMetry Test Management Plugin vulnerability exposes API keys
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins QMetry Test Management Plugin stores unencrypted API keys
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
GHSA-4V4V-92CX-X4F4 Jenkins Nouvola DiveCloud Plugin vulnerability does not mask keys on its job configuration form
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the job configuration form. An attacker can obtain sensitive API keys by viewing the exposed values in the configuration interface. Remediation There is no fixed version for...
CVE-2025-53742
Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53668
Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53671
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53660
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...