519 matches found
PT-2025-28916 · WordPress +1 · Jenkins Apica Loadtest Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Apica Loadtest Plugin versions 1.10 and earlier
Description: The Jenkins Apica Loadtest Plugin stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller. These tokens are accessible ...
PT-2025-27611 · Nokia · Nokia Single Ran Baseband
Name of the Vulnerable Software and Affected Versions: Nokia Single RAN baseband software versions prior to 24R1-SR 1.0 MP
Description: The issue is related to an administrative shell input validation fault in the Nokia Single RAN baseband software. An authenticated admin user can potentially...
CVE-2023-30523
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2022-41232
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...
CVE-2021-21681
Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2020-2132
Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10385
Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2018-7209
An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports...
CVE-2019-10283
Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10452
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Cleartext Storage of Sensitive Information
Overview: Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information within config.xml files. An attacker can access sensitive API keys by gaining permissions to read these files or by accessing the Jenkins controller file system.
Remediation: There is no fixed...
Cleartext Storage of Sensitive Information
Overview: org.ukiuni.monitor-remote-job-plugin:monitor-remote-job is a monitor remote job. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information within config.xml files. An attacker can gain unauthorized access to sensitive data by exploiting the visibility...
Missing Encryption of Sensitive Data
Overview: org.codefirst.jenkins.asakusasatellite:asakusa-satellite-plugin is an AsakusaSatellite Plugin. Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the storage of API keys in unencrypted form within job config.xml files. An attacker can access...
GHSA-2WXQ-944J-5G2V Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files
Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of...
CVE-2025-31724
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
PT-2025-14516 · Jenkins · Jenkins Stack Hammer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Stack Hammer Plugin versions 1.0.6 and earlier
Description: The issue concerns the storage of Stack Hammer API keys in an unencrypted manner within job config.xml files on the Jenkins controller. This allows users with Extended Read...
CVE-2025-27623
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...
PT-2025-9860 · Jenkins +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.499 and earlier, LTS versions 2.492.1 and earlier
Description: The issue allows attackers with View/Read permission to view encrypted values of secrets when accessing config.xml of views via REST API or CLI. This occurs...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...