545 matches found
CVE-2019-1003089
Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-1003096
Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-1003054
Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10467
Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-1003056
Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10422
Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-1003088
Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10449
Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-1003061
Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10366
Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10348
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2025-47274
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
CVE-2025-47274 ToolHive stores secrets in the state store with no encryption
ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...
CVE-2025-47274
CVE-2025-47274 affects ToolHive, a utility for deploying/managing MCP servers. The issue arises from the startup code ordering that causes sensitive data to be written into run configuration files used to restart stopped MCP containers. An attacker with access to the user’s home directory can rea...
CVE-2025-31726
Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files
Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of...
CVE-2025-31727
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-31724
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-31726
CVE-2025-31726 affects Jenkins Stack Hammer Plugin versions 1.0.6 and earlier. The root cause is unencrypted storage of Stack Hammer API keys inside job config.xml files on the Jenkins controller, enabling disclosure to users with Extended Read permission or anyone with access to the controller f...
CVE-2025-31726
Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...