545 matches found
CVE-2025-53675
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53675
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53670
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53666
Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53664
Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53664
Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53664
CVE-2025-53664 – Jenkins Apica Loadtest Plugin : The vulnerability affects Jenkins with Apica Loadtest Plugin versions 1.10 and earlier. It stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, making tokens viewable by users with Item/Exte...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53656
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...
CVE-2025-53653
Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53653
CVE-2025-53653 affects Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier. The vulnerability arises from unencrypted storage of Aqua API Scanner Tokens in job config.xml files on the Jenkins controller, making tokens viewable by users with Item/Extended Read permission or anyone with access t...
PT-2025-28920 · Jenkins · Jenkins Vaddy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins VAddy Plugin versions prior to 1.2.9 Description: The Jenkins VAddy Plugin stores VAddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller. These keys are accessible to users with Item/Extended Read permission...
PT-2025-28914 · Jenkins · Jenkins Ifttt Build Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins IFTTT Build Notifier Plugin versions 1.2 and earlier Description: The Jenkins IFTTT Build Notifier Plugin stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller. These keys can be viewed by users...
PT-2025-28927 · Jenkins · Jenkins Warrior Framework Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Warrior Framework Plugin versions 1.2 and earlier Description: The Jenkins Warrior Framework Plugin stores passwords unencrypted in job config.xml files on the Jenkins controller. This allows users with Item/Extended Read permission o...
SUSE CVE-2025-30167
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared %PROGRAMDATA% directory is searched for configuration files SYSTEMCONFIGPATH and SYSTEMJUPYTERPATH, which may allow users to create configuration...
Keyoti SearchUnit 安全漏洞
Keyoti SearchUnit is a web search engine from Keyoti Canada. A security vulnerability exists in Keyoti SearchUnit versions prior to 9.0.0, which stems from a server-side request forgery issue that could result in configuration and log files being read or written...
Uncontrolled Search Path Element
Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to the shared %PROGRAMDATA% directory being searched for configuration files. An attacker can introduce unintended behavior and affect other users by creating malicious configuration files in the...
CVE-2023-50776
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-32982
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-24450
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...