Sensitive Information Exposure

Jenkins ByteGuard Build Actions Plugin is vulnerable to sensitive information exposure. The vulnerability is due to improper masking of API tokens on the job configuration form, which allows an attacker to observe and capture these tokens...

Sensitive Information Exposure

Jenkins ByteGuard Build Actions Plugin is vulnerable to Sensitive Information Exposure. The vulnerability is due to storing API tokens in plaintext within job config.xml files, where the plugin does not encrypt or otherwise protect secret values, and allows attackers with Item/Extended Read...

CVE-2025-64145

Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

EUVD-2025-36653

Jenkins ByteGuard Build Actions Plugin does not mask API tokens displayed on the job configuration form...

EUVD-2025-36654

Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files...

Jenkins ByteGuard Build Actions Plugin does not mask API tokens displayed on the job configuration form

Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally...

Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files

Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally...

Cleartext Transmission of Sensitive Information

Overview io.jenkins.plugins:byteguard-build-actions is a ByteGuard adds a human verification step to your most consequential scripts. We use a mechanism similar to multifactor authentication for soliciting approval from team members before a function executes. This functionality can be used to...

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64145

Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-64145

Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-64145

CVE-2025-64145 affects the Jenkins ByteGuard Build Actions Plugin 1.0. It states that API tokens are not masked in the job configuration form, increasing the risk that tokens can be observed or captured by nearby users or via accessible UI/config files. The provided documents do not specify a con...

CVE-2025-64145

Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-64145

Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64144

Summary: CVE-2025-64144 affects the Jenkins ByteGuard Build Actions Plugin (version 1.0, and earlier). It stores API tokens unencrypted in job config.xml files on the Jenkins controller, enabling tokens to be viewed by users with Item/Extended Read permission or by anyone with access to the contr...

PT-2025-44294

Name of the Vulnerable Software and Affected Versions Jenkins ByteGuard Build Actions Plugin version 1.0 Description The Jenkins ByteGuard Build Actions Plugin version 1.0 does not properly mask API tokens displayed on the job configuration form. This can allow attackers to observe and capture...