
113 matches found

Snyk
added 2025/07/09 6:30 p.m. | 2 views

Insufficiently Protected Credentials

Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the job configuration form where sensitive tokens are displayed in plain text. An attacker can gain unauthorized access to confidential information by viewing exposed tokens during configuration...

CVSS 6.9 | AI score 6.7 | EPSS 0.00102
Exploits: 0 | References: 2

Snyk
added 2025/07/09 4:49 p.m. | 3 views

Insufficiently Protected Credentials

Overview: org.jenkins-ci.plugins:soapui-pro-functional-testing is a plugin used to run SoapUI Pro tests from Jenkins builds. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the job configuration form, where SLM License Access Keys, client secrets, and...

CVSS 6.8 | AI score 6.8 | EPSS 0.00121
Exploits: 0 | References: 2

Snyk
added 2025/07/09 4:48 p.m. | 2 views

Insufficiently Protected Credentials

Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the global configuration form where the integration token is not properly masked. An attacker can obtain sensitive authentication credentials by viewing the configuration interface. Remediation...

CVSS 5.3 | AI score 7.1 | EPSS 0.00094
Exploits: 0 | References: 2

OSV
added 2025/07/09 4:15 p.m. | 3 views

CVE-2025-53669

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 2

OSV
added 2025/07/09 4:15 p.m. | 3 views

CVE-2025-53671

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 6.5 | AI score 5.8 | EPSS 0.00069
Exploits: 0 | References: 2

OSV
added 2025/07/09 4:15 p.m. | 0 views

CVE-2025-53667

Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 2

OSV
added 2025/07/09 4:15 p.m. | 2 views

CVE-2025-53661

Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 | AI score 5.8 | EPSS 0.00121
Exploits: 0 | References: 2

Cvelist
added 2025/07/09 3:39 p.m. | 7 views

CVE-2025-53674

Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it...

EPSS 0.00094
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:51 a.m. | 6 views

CVE-2023-32983

Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVSS 5.3 | AI score 6.7 | EPSS 0.0021
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:43 a.m. | 11 views

CVE-2023-30524

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 | AI score 6.7 | EPSS 0.00292
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:28 a.m. | 6 views

CVE-2023-2633

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 | AI score 6.9 | EPSS 0.00306
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:46 a.m. | 6 views

CVE-2019-10427

Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...

CVSS 5.3 | AI score 6.8 | EPSS 0.00027
Exploits: 0 | References: 1

OSV
added 2025/04/02 3:16 p.m. | 2 views

CVE-2025-31728

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 5.5 | AI score 5.8
Exploits: 0 | References: 1

CNNVD
added 2024/03/15 12:0 a.m. | 1 view

Tenda AC18 Security Vulnerability

Tenda AC18 is a router from Tenda, China. A security vulnerability exists in Tenda AC18 version V15.03.05.05, which is caused by a stack-based buffer overflow in the startIP parameter of the formSetPPTPServer function of the /goform/SetPptpServerCfg file...

CVSS 9 | AI score 7.5 | EPSS 0.00136
Exploits: 1 | References: 4

Github Security Blog
added 2023/12/13 6:31 p.m. | 26 views

Tokens stored in plain text by PaaSLane Estimate Plugin

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 | AI score 7.2 | EPSS 0.00032
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2023/12/13 6:31 p.m. | 25 views

Displayed in plain text by Dingding JSON Pusher Plugin

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 | AI score 7 | EPSS 0.00032
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2023/12/13 5:30 p.m. | 17 views

CVE-2023-50773

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

AI score 5.3 | EPSS 0.00032
Exploits: 0 | References: 2

Veracode
added 2023/05/30 7:47 a.m. | 18 views

Information Disclosure

Codedx is vulnerable to Information Disclosure. The vulnerability exists because the job configuration form does not mask API keys which allows an attacker to gain access to observe and capture the key information...

CVSS 4.3 | AI score 7 | EPSS 0.00306
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/05/16 6:30 p.m. | 19 views

GHSA-97WP-63WQ-HFWH Jenkins Ansible Plugin job configuration form does not mask variables

Jenkins Ansible Plugin allows the specification of extra variables that can be passed to Ansible. These extra variables are commonly used to pass secrets. Ansible Plugin 204.v8191fd551ebf and earlier stores these extra variables unencrypted in job config.xml files on the Jenkins controller as par...

CVSS 4.3 | AI score 5.5 | EPSS 0.0021
Exploits: 0 | References: 3

OSV
added 2023/05/16 6:15 p.m. | 2 views

CVE-2023-2633

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 | AI score 5.8 | EPSS 0.00306
Exploits: 0 | References: 1