191 matches found
PT-2026-41882
A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...
Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build
A security vulnerability in the Vaadin Maven plugin and Vaadin Gradle plugin exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. See CWE-209 Generation of Error Message Containing Sensitive Information Description A possibl...
CVE-2023-40340
Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in the Npm config file in Pipeline build logs...
CVE-2022-23109
Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed...
EUVD-2022-0614
Malicious code in bioql PyPI...
EUVD-2022-4204
Malicious code in bioql PyPI...
EUVD-2023-2191
Malicious code in bioql PyPI...
EUVD-2023-1976
Malicious code in bioql PyPI...
EUVD-2022-2271
Malicious code in bioql PyPI...
EUVD-2022-7372
Malicious code in bioql PyPI...
EUVD-2022-7371
Malicious code in bioql PyPI...
EUVD-2023-2390
Malicious code in bioql PyPI...
EUVD-2022-2144
Malicious code in bioql PyPI...
EUVD-2025-12534
Malicious code in bioql PyPI...
EUVD-2022-1841
Malicious code in bioql PyPI...
Logging of Excessive Data
Overview org.jenkins-ci.plugins:htmlpublisher is a plugin for Jenkins that publishes HTML reports. Affected versions of this package are vulnerable to Logging of Excessive Data in the publishReports functionality. An attacker can obtain sensitive information about the file system structure by...
GHSA-9768-HPRV-CRJ5 Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages
Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log. Credentials Binding Plugin 687.689.v1af775332fc9 rethrows exceptions that contain credentials,...
CVE-2025-53651
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...
CVE-2025-53650
Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log...
CVE-2025-53651
CVE-2025-53651 affects the Jenkins HTML Publisher Plugin, 425 and earlier. The issue arises because log messages include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller filesystem in build logs. The Connected ...