GHSA-98P6-6428-77V7 Jenkins NeoLoad Plugin stores credentials in cleartext

Jenkins NeoLoad Plugin prior to version 2.2.6 stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

Jenkins Sofy.AI Plugin stores API token in plain text

Jenkins Sofy.AI Plugin stores an API token unencrypted in job config.xml files on the Jenkins controller. This token can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory there is no fix...

GHSA-XG8P-CP7F-CPHX DingTalk Plugin stores credentials in plain text

Jenkins Dingding notifications Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials

Azure Event Grid Build Notifier Plugin stores the Azure Event Grid secret key unencrypted in job config.xml files on the Jenkins controller. This key can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is...

Jenkins eggplant-plugin Plugin stores credentials in plain text

Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

GHSA-3FRC-879C-J9H5 Jenkins Caliper CI Plugin stores credentials in plain text

Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...

Jenkins Caliper CI Plugin stores credentials in plain text

Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...

GHSA-Q736-RGCP-Q443 Jenkins Gogs Plugin stored credentials in plain text

Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Gogs Plugin now stores credentials encrypted...

Jenkins Azure AD Plugin stored the client secret unencrypted

Jenkins Azure AD Plugin stored the client secret unencrypted in the global config.xml configuration file on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. Azure AD Plugin now stores the client secret encrypted...

GHSA-JCWJ-J574-8J2C Jenkins Azure AD Plugin stored the client secret unencrypted

Jenkins Azure AD Plugin stored the client secret unencrypted in the global config.xml configuration file on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. Azure AD Plugin now stores the client secret encrypted...

GHSA-R5JR-82X4-R6J7 Jenkins Crowd Integration Plugin stores credentials in plain text

Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

GHSA-FFV8-X822-FX73 Jenkins TestFairy Plugin stores credentials in plain text

Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

GHSA-45FR-W365-F7PM Jenkins HockeyApp Plugin stores credentials in plain text

Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

Jenkins HockeyApp Plugin stores credentials in plain text

Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

GHSA-XJRR-5JPV-V6MW Jenkins CloudFormation Plugin stores credentials in plain text

Jenkins CloudFormation Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. A fix was released for this issue...

GHSA-577W-62CP-F67H Jenkins Trac Publisher Plugin stores credentials in plain text

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

Jenkins wildFly Deployer Plugin stores credentials in plain text

Jenkins WildFly Deployer Plugin stores deployment credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

Jenkins Upload to pgyer Plugin stores credentials in plain text

Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

GHSA-9M3C-XFHF-53MH Jenkins DeployHub Plugin stores credentials in plain text

Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

GHSA-PH9F-H462-J5JG Jenkins Diawi Upload Plugin stores credentials in plain text

Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...