Sensitive Information Exposure

Jenkins ByteGuard Build Actions Plugin is vulnerable to sensitive information exposure. The vulnerability is due to improper masking of API tokens on the job configuration form, which allows an attacker to observe and capture these tokens...

Sensitive Information Exposure

Jenkins ByteGuard Build Actions Plugin is vulnerable to Sensitive Information Exposure. The vulnerability is due to storing API tokens in plaintext within job config.xml files, where the plugin does not encrypt or otherwise protect secret values, and allows attackers with Item/Extended Read...

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

EUVD-2025-36653

Jenkins ByteGuard Build Actions Plugin does not mask API tokens displayed on the job configuration form...

Cleartext Transmission of Sensitive Information

Overview io.jenkins.plugins:byteguard-build-actions is a ByteGuard adds a human verification step to your most consequential scripts. We use a mechanism similar to multifactor authentication for soliciting approval from team members before a function executes. This functionality can be used to...

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64145

CVE-2025-64145 affects the Jenkins ByteGuard Build Actions Plugin 1.0. It states that API tokens are not masked in the job configuration form, increasing the risk that tokens can be observed or captured by nearby users or via accessible UI/config files. The provided documents do not specify a con...

CVE-2025-64145

Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-64145

Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64144

Summary: CVE-2025-64144 affects the Jenkins ByteGuard Build Actions Plugin (version 1.0, and earlier). It stores API tokens unencrypted in job config.xml files on the Jenkins controller, enabling tokens to be viewed by users with Item/Extended Read permission or by anyone with access to the contr...

PT-2025-44294

Name of the Vulnerable Software and Affected Versions Jenkins ByteGuard Build Actions Plugin version 1.0 Description The Jenkins ByteGuard Build Actions Plugin version 1.0 does not properly mask API tokens displayed on the job configuration form. This can allow attackers to observe and capture...

Jenkins ByteGuard Build Actions Plugin 安全漏洞

Jenkins ByteGuard Build Actions Plugin is an open source pipeline validation plugin for Jenkins. A security vulnerability exists in version 1.0 of the Jenkins ByteGuard Build Actions Plugin, which stems from an unmasked API token on a job configuration form, which could lead to an attacker...

Jenkins plugin ByteGuard Build Actions 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

PT-2025-44293

Name of the Vulnerable Software and Affected Versions Jenkins ByteGuard Build Actions Plugin version 1.0 Description The Jenkins ByteGuard Build Actions Plugin version 1.0 stores API tokens unencrypted in config.xml files on the Jenkins controller. These files are accessible to users with...

CVE-2019-10324

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseActiondoSubmit, GradleReleaseApiActiondoStaging, MavenReleaseApiActiondoStaging, and UnifiedPromoteBuildActiondoSubmit allowed attackers to schedule a release build, perform release staging for...

CVE-2023-28677

Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...

SUSE CVE-2013-7330

Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions...

Jenkins allows attackers to configure restricted projects

Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions...