82 matches found
CVE-2019-16573
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-64143
Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...
Cleartext Transmission of Sensitive Information
Overview com.openshift.jenkins:openshift-pipeline is an OpenShift Pipeline Jenkins Plugin. Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to storing authorization tokens unencrypted in config.xml. An attacker can access sensitive informatio...
EUVD-2025-36655
Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files...
CVE-2025-64143
Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-64143
Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-64143
The CVE-2025-64143 issue affects the Jenkins OpenShift Pipeline Plugin, version 1.0.57 and earlier, which stores authorization tokens unencrypted in job config.xml on the Jenkins controller. This allows users with Item/Extended Read permission or control‑plane access to view tokens, exposing sens...
Jenkins OpenShift Pipeline Plugin 安全漏洞
Jenkins OpenShift Pipeline Plugin is an open source pipeline plugin for Jenkins. A security vulnerability exists in Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier versions, which stems from an authorization token that is not encrypted and stored in the job config.xml file of the Jenkins...
PT-2025-44292
Name of the Vulnerable Software and Affected Versions Jenkins OpenShift Pipeline Plugin versions 1.0.57 and earlier Description The Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted within config.xml files on the Jenkins controller. These files are accessible to users...
EUVD-2023-1184
Malicious code in bioql PyPI...
EUVD-2023-2079
Malicious code in bioql PyPI...
EUVD-2022-3440
Malicious code in bioql PyPI...
EUVD-2022-5517
Malicious code in bioql PyPI...
EUVD-2022-3922
Malicious code in bioql PyPI...
EUVD-2023-1224
Malicious code in bioql PyPI...
EUVD-2022-4342
Malicious code in bioql PyPI...
EUVD-2022-3658
Malicious code in bioql PyPI...
EUVD-2023-1394
Malicious code in bioql PyPI...
CVE-2023-28677
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...
CVE-2022-28157
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server...