1270 matches found
Jenkins QMetry Test Management Plugin stores unencrypted API keys
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins QMetry Test Management Plugin vulnerability exposes API keys
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form
Jenkins Testsigma Test Plan run Plugin stores Testsigma API keys in job config.xml files on the Jenkins controller as part of its configuration. While these API keys are stored encrypted on disk, in Testsigma Test Plan run Plugin 1.6 and earlier, the job configuration form does not mask these API...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the job configuration form. An attacker can obtain sensitive API keys by viewing the exposed values in the configuration interface. Remediation There is no fixed version for...
CVE-2025-53742
Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53668
Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53671
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53660
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53661
Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53661
Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53743
Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53743
The CVE-2025-53743 entry affects Jenkins Applitools Eyes Plugin (versions 1.16.5 and earlier). The underlying issue is that Applitools API keys are displayed on the job configuration form and are not masked, enabling potential observation or capture by users with access. Publicly detailed referen...
CVE-2025-53742
CVE-2025-53742 affects Jenkins Applitools Eyes Plugin 1.16.5 and earlier. The vulnerability arises because Applitools API keys are stored unencrypted in job config.xml files on the Jenkins controller, allowing view by users with Item/Extended Read permission or access to the Jenkins controller fi...
CVE-2025-53742
Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53671
CVE-2025-53671 affects Jenkins Nouvola DiveCloud Plugin (versions 1.08 and earlier). The root cause is that DiveCloud API keys and Credentials Encryption Keys are displayed on the job configuration form and not masked, enabling observers with appropriate access to view them. Impact is exposure of...
CVE-2025-53670
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53670
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53670
The CVE-2025-53670 entry applies to Jenkins Nouvola DiveCloud Plugin, affected versions prior to 1.09. The underlying issue is that DiveCloud API Keys and Credentials Encryption Keys are stored unencrypted in job config.xml files on the Jenkins controller, making them readable by users with Item/...