Jenkins OpenShift Pipeline Plugin 安全漏洞

Jenkins OpenShift Pipeline Plugin is an open source pipeline plugin for Jenkins. A security vulnerability exists in Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier versions, which stems from an authorization token that is not encrypted and stored in the job config.xml file of the Jenkins...

EUVD-2023-1248

Malicious code in bioql PyPI...

EUVD-2024-1539

Malicious code in bioql PyPI...

EUVD-2025-20838

Malicious code in bioql PyPI...

EUVD-2022-3175

Malicious code in bioql PyPI...

CVE-2025-53678

Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users

Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVE-2025-53676

Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

PT-2025-28925 · Jenkins · Jenkins Sensedia Api Platform Tools Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Sensedia Api Platform Tools Plugin version 1.0 Description: The Jenkins Sensedia Api Platform Tools Plugin stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller. This...

PT-2025-28928 · Jenkins · Jenkins Xooa Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Xooa Plugin versions 0.0.7 and earlier Description: The Jenkins Xooa Plugin stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller. This allows users with access to the Jenkins controll...

Jenkins plugin Dead Man s Snitch 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

CVE-2024-34147

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2020-2126

Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system...

Jenkins plugins Multiple Vulnerabilities (2024-05-02)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - High Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are...

GHSA-96C7-FQXV-RMV7 Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...

PT-2023-22759 · Hashicorp +1 · Hashicorp Consul +2

Name of the Vulnerable Software and Affected Versions: Jenkins Consul KV Builder Plugin versions 2.0.13 and earlier Description: The issue concerns the storage of the HashiCorp Consul ACL Token in the global configuration file on the Jenkins controller. This token is stored unencrypted and can be...

Jenkins CONS3RT Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Jenkins Vmware vRealize CodeStream Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Vmware vRealize CodeStream Plugin...

PT-2020-15527 · Jenkins · Jenkins Sms Notification Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SMS Notification Plugin versions 1.2 and earlier Description: The issue concerns the storage of an access token in an unencrypted form within the global configuration file on the Jenkins controller. Specifically, the file...

CVE-2020-2126

Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system...