35 matches found
BIT-JENKINS-2026-53442
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...
CVE-2026-53442
A flaw was found in Jenkins. Secrets submitted via POST config.xml are stored unencrypted in job configuration files on the Jenkins controller. This allows users with 'Item/Extended Read' permission, or those with direct access to the Jenkins controller file system, to view sensitive information...
CVE-2026-53442
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...
CVE-2026-53442
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...
PT-2026-48427
Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.568 Jenkins LTS versions prior to 2.555.3 Description Secrets provided via POST config.xml submissions are stored unencrypted in job configuration files on the Jenkins controller. This allows users with Item/Extende...
Jenkins 安全漏洞
Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have security vulnerabilitie...
CVE-2026-25856
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...
EUVD-2026-35135
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...
CVE-2026-25856
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...
CVE-2026-25856
OpenBullet2 (up to version 0.3.2) contains an authenticated remote code execution vulnerability: authenticated users can create/modify job configurations to execute arbitrary C# code on the server, with access to the file system, process spawning, and arbitrary .NET APIs as the process user. The ...
CVE-2026-25856 OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...
PT-2026-47343
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...
Iperius Backup 安全漏洞
Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Iperius Backup versions 8.7.3 and earlier have a security vulnerability. This vulnerability stems from improper handling of backup job configurations, which may lead to permission management issues...
GHSA-QQJR-HF5H-JX3Q Jenkins LoadNinja Plugin stores LoadNinja API keys unencrypted in job config.xml files
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins plugin Multiple Vulnerabilities (2026-03-18)
According to its self-reported version number, the version of Jenkins plugins running on the remote web server is affected by multiple vulnerabilities: - Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can...
Sensitive Information Disclosure
Jenkins is vulnerable to Sensitive Information Disclosure. The vulnerability is due to build authorization tokens being stored unencrypted in job configuration files, which allows an attacker with extended read permissions or file system access to view and misuse these credentials...
Missing Authorization
Jenkins MCP Server Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing permission checks in multiple MCP tools, which allows an attacker to trigger builds and access sensitive information related to job and cloud configurations without proper authorization...
Sensitive Information Disclosure
Jenkins ReadyAPI Functional Testing Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing license keys, client secrets, and passwords in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the...
Sensitive Information Disclosure
Jenkins Curseforge Publisher Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing API keys in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the Jenkins controller to view and misuse the...
Cleartext Transmission of Sensitive Information
Overview org.jenkins-ci.plugins:curseforge-publisher is a This plugin allows users to upload build artifacts to CurseForge as mod releases. Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the storage of API keys in unencrypted form within...