CVE-2025-67637

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-31726

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVE-2022-45392

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

PT-2020-15342 · Jenkins · Jenkins Applatix Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Applatix Plugin versions 1.1 and earlier Description: The issue allows unauthorized access to unencrypted passwords stored in job config.xml files on the Jenkins master. Users with Extended Read permission or access to the master file...

PT-2019-11815 · Jenkins · Jenkins Azure Event Grid Build Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Azure Event Grid Build Notifier Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master or controller. Specifically, the...

PT-2019-11816 · Jenkins · Jenkins Call Remote Job Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Call Remote Job Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. This allows users with Extende...

CVE-2019-10294

Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2019-1003061

Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2019-1003054

Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

PT-2019-11685 · Jenkins · Jenkins Mabl Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins mabl Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials can be accessed by user...