The vulnerability of the Stack Hammer plugin on the Jenkins automation server, related to deficiencies in access control, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Stack Hammer plugin in the Jenkins automation server is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVE-2025-31726

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

Jenkins Stack Hammer Plugin Stores API Keys Unencrypted in Job `config.xml` Files

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of...

CVE-2025-31726

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-31726

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-31726

CVE-2025-31726 affects Jenkins Stack Hammer Plugin versions 1.0.6 and earlier. The root cause is unencrypted storage of Stack Hammer API keys inside job config.xml files on the Jenkins controller, enabling disclosure to users with Extended Read permission or anyone with access to the controller f...

CVE-2025-31726

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

Jenkins plugin Stack Hammer 访问控制错误漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. An access control...

PT-2025-14516 · Jenkins · Jenkins Stack Hammer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Stack Hammer Plugin versions 1.0.6 and earlier Description: The issue concerns the storage of Stack Hammer API keys in an unencrypted manner within job config.xml files on the Jenkins controller. This allows users with Extended Read...