Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of...

CVE-2025-31726

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-31726

CVE-2025-31726 affects Jenkins Stack Hammer Plugin versions 1.0.6 and earlier. The root cause is unencrypted storage of Stack Hammer API keys inside job config.xml files on the Jenkins controller, enabling disclosure to users with Extended Read permission or anyone with access to the controller f...

CVE-2025-31726

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

PT-2025-14516 · Jenkins · Jenkins Stack Hammer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Stack Hammer Plugin versions 1.0.6 and earlier Description: The issue concerns the storage of Stack Hammer API keys in an unencrypted manner within job config.xml files on the Jenkins controller. This allows users with Extended Read...