Lucene search
K

545 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:40 a.m.10 views

CVE-2019-1003089

Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.7AI score0.01226EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:40 a.m.6 views

CVE-2019-1003096

Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.7AI score0.01676EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:40 a.m.10 views

CVE-2019-1003054

Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS6.7AI score0.01365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:10 a.m.8 views

CVE-2019-10467

Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.7AI score0.00852EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:1 a.m.18 views

CVE-2019-1003056

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS6.7AI score0.01365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:31 a.m.14 views

CVE-2019-10422

Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.8AI score0.01001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:21 a.m.6 views

CVE-2019-1003088

Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.7AI score0.01226EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:51 a.m.9 views

CVE-2019-10449

Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS6.7AI score0.00676EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:47 a.m.9 views

CVE-2019-1003061

Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS6.7AI score0.01423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:14 a.m.8 views

CVE-2019-10366

Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.5AI score0.01482EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:13 a.m.10 views

CVE-2019-10348

Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS6.5AI score0.01668EPSS
Exploits0References1
NVD
NVD
added 2025/05/12 3:16 p.m.17 views

CVE-2025-47274

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...

2.4CVSS0.00107EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/12 2:57 p.m.23 views

CVE-2025-47274 ToolHive stores secrets in the state store with no encryption

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...

2.4CVSS0.00107EPSS
Exploits0References3
CVE
CVE
added 2025/05/12 2:57 p.m.47 views

CVE-2025-47274

CVE-2025-47274 affects ToolHive, a utility for deploying/managing MCP servers. The issue arises from the startup code ordering that causes sensitive data to be written into run configuration files used to restart stopped MCP containers. An attacker with access to the user’s home directory can rea...

2.4CVSS7.2AI score0.00107EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/04 3:39 p.m.28 views

CVE-2025-31726

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

5.5CVSS7AI score0.00266EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/04/02 3:31 p.m.33 views

Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of...

5.5CVSS6.9AI score0.00266EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/04/02 3:16 p.m.27 views

CVE-2025-31727

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

5.5CVSS0.00266EPSS
Exploits0References1
OSV
OSV
added 2025/04/02 3:15 p.m.8 views

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS6.6AI score
Exploits0References1
CVE
CVE
added 2025/04/02 2:59 p.m.69 views

CVE-2025-31726

CVE-2025-31726 affects Jenkins Stack Hammer Plugin versions 1.0.6 and earlier. The root cause is unencrypted storage of Stack Hammer API keys inside job config.xml files on the Jenkins controller, enabling disclosure to users with Extended Read permission or anyone with access to the controller f...

5.5CVSS7AI score0.00266EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/02 2:59 p.m.10 views

CVE-2025-31726

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

7AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder