Lucene search
K

377 matches found

Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.4 views

PT-2025-50355

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.540 and earlier Jenkins LTS versions 2.528.2 and earlier Description Jenkins stores build authorization tokens unencrypted in config.xml files on the Jenkins controller. This allows users with Item/Extended Read permission, ...

4.3CVSS6.4AI score0.00153EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.5 views

PT-2025-48702

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to read and modify the Appliance SSD contents because they are unencrypted...

6.8AI score0.0016EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/02 12:0 a.m.2 views

CVE-2025-59701

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to read and modify the Appliance SSD contents because they are unencrypted...

6.4AI score0.0016EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/02 12:0 a.m.4 views

EUVD-2025-200253

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to read and modify the Appliance SSD contents because they are unencrypted...

4.1CVSS6.3AI score0.0016EPSS
Exploits1References3
OSV
OSV
added 2025/10/29 3:31 p.m.4 views

GHSA-HV42-CRPX-Q355 Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form

Jenkins Curseforge Publisher Plugin 1.0 and earlier stores API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the j...

4.3CVSS6.7AI score0.00237EPSS
Exploits0References4
Snyk
Snyk
added 2025/10/29 3:31 p.m.5 views

Cleartext Transmission of Sensitive Information

Overview com.openshift.jenkins:openshift-pipeline is an OpenShift Pipeline Jenkins Plugin. Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to storing authorization tokens unencrypted in config.xml. An attacker can access sensitive informatio...

5.3CVSS6.5AI score0.00179EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/29 3:31 p.m.4 views

Cleartext Transmission of Sensitive Information

Overview io.jenkins.plugins:byteguard-build-actions is a ByteGuard adds a human verification step to your most consequential scripts. We use a mechanism similar to multifactor authentication for soliciting approval from team members before a function executes. This functionality can be used to...

5.3CVSS7.1AI score0.00158EPSS
Exploits0References2
OSV
OSV
added 2025/10/29 3:31 p.m.5 views

GHSA-2VMR-8C82-X8XQ Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files

Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally...

4.3CVSS6.8AI score0.00158EPSS
Exploits0References4
OSV
OSV
added 2025/10/29 3:31 p.m.6 views

GHSA-VMM2-53RC-43V3 Jenkins ByteGuard Build Actions Plugin does not mask API tokens displayed on the job configuration form

Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally...

4.3CVSS6.7AI score0.00158EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/10/29 3:31 p.m.12 views

Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files

Jenkins Curseforge Publisher Plugin 1.0 and earlier stores API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the j...

4.3CVSS6.7AI score0.00158EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/10/29 2:15 p.m.6 views

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS0.00158EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/29 1:29 p.m.10 views

CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/29 1:29 p.m.4 views

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

6.4AI score0.00179EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.9 views

Jenkins Curseforge Publisher Plugin 安全漏洞

Jenkins Curseforge Publisher Plugin is an automated publishing plugin for Jenkins open source. A security vulnerability exists in version 1.0 of the Jenkins Curseforge Publisher Plugin that stems from unencrypted storage of API keys, which could lead to a user viewing the keys via Item or Extende...

4.3CVSS6.4AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.7 views

Jenkins plugin ByteGuard Build Actions 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

4.3CVSS6.3AI score0.00158EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/27 7:43 p.m.2 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to unsafe handling of null keyslot algorithms in the cryptactivatebypassphrase function. An attacker can gain unauthorized access to unencrypted persistent storage by exploiting the...

8.3CVSS7AI score0.00105EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/27 7:33 p.m.8 views

CVE-2025-58356 Constellation allows insecure use of LUKS2 persistent storage partitions

Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function cryptactivatebypasshrase. If the VM is successful in opening the partition with th...

8.3CVSS0.00105EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.6 views

Always Encrypted Kubernetes 数据伪造问题漏洞

Always Encrypted Kubernetes is a container encryption software open source by Edgeless Systems. A data forgery issue vulnerability exists in versions prior to Always Encrypted Kubernetes 2.24.0 that stems from insecure handling of the empty key slot algorithm, which could lead to unencrypted...

8.3CVSS9AI score0.00105EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2011-1716

Malware in sbrugna...

2.1CVSS6.4AI score0.00292EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1325

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00368EPSS
Exploits0References6
Rows per page
Query Builder