Sensitive Information Disclosure

Jenkins Statistics Gatherer Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing the AWS Secret Key in plaintext in the global configuration file, allowing users with access to the Jenkins controller file system to read and misuse the credential...

Sensitive Information Disclosure

Jenkins Statistics Gatherer Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to failure to mask the AWS Secret Key in the global configuration UI, allowing attackers with configuration access to view and potentially capture the secret value...

EUVD-2025-20860

Malicious code in bioql PyPI...

CVE-2025-53655

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it...

CVE-2025-53654

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

The vulnerability of the Statistics Gatherer plugin in the Jenkins automation server, related to the storage of the AWS secret key in an unencrypted form, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Statistics Gatherer plugin in the Jenkins automation server relates to the storage of the AWS secret key in an unencrypted form within the configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml. Exploiting this vulnerability could allow a...

The vulnerability of the Statistics Gatherer plugin in the Jenkins automation server, related to the storage of the AWS secret key in an unencrypted form, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Statistics Gatherer plugin in the Jenkins automation server relates to the storage of the AWS secret key in an unencrypted form within the configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml. Exploiting this vulnerability could allow a...

Jenkins Statistics Gatherer Plugin does not mask AWS Secret Key

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml on the Jenkins controller as part of its configuration. This key can be viewed by users with access to th...

Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml on the Jenkins controller as part of its configuration. This key can be viewed by users with access to th...

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in the storage of the AWS Secret Key in the global configuration file on the controller. An attacker can obtain sensitive credentials by accessing the file system where the configuration file is stored. Remediation...

CVE-2025-53655

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it...

CVE-2025-53654

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

PT-2025-28907 · Jenkins · Jenkins Statistics Gatherer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Statistics Gatherer Plugin versions 2.0.3 and earlier Description: The Jenkins Statistics Gatherer Plugin does not mask the AWS Secret Key on the global configuration form and stores it unencrypted in the...

Jenkins plugin Statistics Gatherer 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

Jenkins plugin Statistics Gatherer 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

PT-2025-28906 · Jenkins · Jenkins Statistics Gatherer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Statistics Gatherer Plugin versions 2.0.3 and earlier Description: The Jenkins Statistics Gatherer Plugin stores the AWS Secret Key unencrypted in its global configuration file...

com.elasticbox.jenkins-ci.plugins:elasticbox (>=4.0.9 <=4.1.0), org.jenkins-ci.lib:xtrigger-lib (=0.36) +13 more potentially affected by CVE-2016-0788 via org.jenkins-ci.main:jenkins-core (>=1.643 <=1.649)

org.jenkins-ci.main:jenkins-core MAVEN version =1.643, =4.0.9, =1.643, =1.643, =1.645, =0.5, =1.648, =4.0.4, =1.0.0, =1.643, =1.0.45, =0.3.2, =0.3.8 - org.jenkins.plugins.statistics.gatherer:statistics-gatherer =1.0.1 Source cves: CVE-2016-0788 Source advisory: OSV:GHSA-J7Q5-H445-F7PC...