
14 matches found

ATTACKERKB
added 2026/06/24 1:20 p.m. · 5 views

CVE-2026-57302

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3 · AI score 5.9 · EPSS 0.00178
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2026/06/24 1:20 p.m. · 31 views

CVE-2026-57302

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

EPSS 0.00178
Exploits 0 · References 1
Positive Technologies
added 2025/12/10 12:0 a.m. · 4 views

PT-2025-50355

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.540 and earlier; Jenkins LTS versions 2.528.2 and earlier. Description: Jenkins stores build authorization tokens unencrypted in config.xml files on the Jenkins controller. This allows users with Item/Extended Read permission, ...

CVSS 4.3 · AI score 6.4 · EPSS 0.00153
Exploits 0 · References 4
GitHub Security Blog
added 2025/10/29 3:31 p.m. · 12 views

Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files

Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally...

CVSS 4.3 · AI score 6.7 · EPSS 0.00158
Exploits 0 · References 4 · Affected Software 1
CVE
added 2025/10/29 1:29 p.m. · 20 views

CVE-2025-64146

CVE-2025-64146 affects the Jenkins Curseforge Publisher Plugin (version 1.0) and older, where API keys are stored unencrypted in job config.xml on the Jenkins controller. This configuration data can be viewed by users with Item/Extended Read permission or by anyone with access to the Jenkins cont...

CVSS 4.3 · AI score 6.5 · EPSS 0.00158
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2022-5816

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.01423
Exploits 0 · References 5
OSV
added 2025/07/09 4:15 p.m. · 7 views

CVE-2025-53653

Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3 · AI score 5.8 · EPSS 0.00191
Exploits 0 · References 2
Snyk
added 2025/04/02 3:31 p.m. · 4 views

Cleartext Storage of Sensitive Information

Overview: org.jenkins-ci.plugins:vmanager-plugin is a Jenkins plugin that integrates Jenkins with Cadence vManager. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in job config.xml files on the Jenkins controller. An attacker can gain unauthorized acce...

CVSS 5.3 · AI score 6.8 · EPSS 0.0029
Exploits 0 · References 2
OSV
added 2022/05/24 4:50 p.m. · 2 views

GHSA-5HHG-Q22C-6G39 Jenkins Port Allocator Plugin stores credentials in plain text

Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...

CVSS 4.3 · AI score 5.9 · EPSS 0.01668
Exploits 0 · References 3
Positive Technologies
added 2020/07/02 12:0 a.m. · 9 views

PT-2020-15422 · Jenkins · Jenkins Slack Upload Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Slack Upload Plugin versions 1.7 and earlier. Description: The issue allows users with Extended Read permission, or access to the master file system, to view a secret stored unencrypted in job config.xml files on the Jenkins master...

CVSS 4.3 · AI score 4.3 · EPSS 0.00691
Exploits 0 · References 7
OSV
added 2019/10/16 2:15 p.m. · 7 views

CVE-2019-10452

Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 4.3 · AI score 5.8 · EPSS 0.00469
Exploits 0 · References 1
OSV
added 2019/09/25 4:15 p.m. · 4 views

CVE-2019-10422

Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 6.5 · AI score 6.2 · EPSS 0.01001
Exploits 0 · References 2
OSV
added 2019/04/04 4:29 p.m. · 3 views

CVE-2019-1003053

Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 8.8 · AI score 5.8 · EPSS 0.01365
Exploits 0 · References 3
Positive Technologies
added 2019/04/04 12:0 a.m. · 5 views

PT-2019-11378 · Jenkins · Jenkins Fabric Beta Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Fabric Beta Publisher Plugin, affected versions not specified. Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master. This allows users with Extended Read...

CVSS 6.5 · AI score 6.3 · EPSS 0.01226
Exploits 0 · References 6