3 matches found
Sensitive Information Disclosure
Jenkins Curseforge Publisher Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing API keys in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the Jenkins controller to view and misuse the...
Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files
Jenkins Curseforge Publisher Plugin 1.0 and earlier stores API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the j...
CVE-2025-64147
CVE-2025-64147 affects the Jenkins Curseforge Publisher Plugin (version 1.0). The vulnerability is that API Keys are displayed unmasked on the job configuration form and stored unencrypted in config files, enabling users with sufficient permissions to observe/capture credentials. Public documents...