20 matches found
EUVD-2025-20838
Malicious code in bioql PyPI...
EUVD-2025-20837
Malicious code in bioql PyPI...
The vulnerability of the Jenkins automation server plugin Xooa lies in the storage of tokens in an unencrypted form, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Jenkins automation server plugin Xooa is related to the storage of tokens in an unencrypted form in the file io.jenkins.plugins.xooa.GlobConfig.xml. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
CVE-2025-53677
Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2025-53676
Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token
Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it...
Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users
Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
GHSA-23J7-PX3W-JWP2 Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token
Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it...
GHSA-56H7-R62C-83QP Jenkins Xooa Plugin vulnerability exposes unencrypted tokens to authenticated users
Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-53676
Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-53676
Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-53677
Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2025-53677
CVE-2025-53677 affects Jenkins Xooa Plugin versions 0.0.7 and earlier. The token is not masked on the global configuration form, enabling potential observation/capture of the Xooa Deployment Token by users with access to the Jenkins controller/file system. Remediation: update to a newer plugin ve...
CVE-2025-53677
Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2025-53677
Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2025-53676
Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-53676
Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
PT-2025-28929 · Jenkins · Jenkins Xooa Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Xooa Plugin versions 0.0.7 and earlier Description: The Jenkins Xooa Plugin does not mask the Xooa Deployment Token on the global configuration form, potentially allowing attackers to observe and capture it. Recommendations: Update to...
Jenkins plugin Xooa 安全漏洞
Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...
PT-2025-28928 · Jenkins · Jenkins Xooa Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Xooa Plugin versions 0.0.7 and earlier Description: The Jenkins Xooa Plugin stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller. This allows users with access to the Jenkins controll...