11 matches found
GHSA-3FM2-HX3H-XM4V Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials
Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...
EUVD-2025-202450
Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials...
CVE-2025-67642
Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...
Jenkins plugins Multiple Vulnerabilities (2025-12-10)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage result...
CVE-2023-49653
CVE-2023-49653 affects the Jenkins Jira Plugin (versions 3.11 and earlier). The root cause is that the plugin does not set the appropriate context for credentials lookup, enabling attackers with Item/Configure permission to access and capture credentials they are not entitled to. Remediation: upg...
CVE-2023-46651
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1...
PT-2023-6484 · Jenkins · Jenkins Warnings Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Warnings Plugin versions 10.5.0 and earlier. Description: The issue is related to information disclosure, allowing remote attackers to gain unauthorized access to protected information. Specifically, it does not set the appropriate...
Improper Access Control
maven-artifact-choicelistprovider is vulnerable to Improper Access Control. The vulnerability exists because the library does not set the appropriate context for credentials lookup, which allows an attacker with Item or Configure permission to access and capture credentials they are not entitled ...
Exposure of system-scoped credentials in Jenkins Dimensions Plugin
Dimensions Plugin 0.9.3 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are not...
CVE-2023-37951
Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to...
PT-2023-19585 · Jenkins · Jenkins Kubernetes Credentials Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Credentials Provider Plugin versions 1.208.v128ee9800c04 and earlier. Description: The issue allows attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to,...