EUVD-2025-20846

Malicious code in bioql PyPI...

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53669

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

GHSA-8GP3-M447-GW2V Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

Jenkins VAddy Plugin vulnerability exposes plaintext keys on its job configuration form

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

GHSA-MR49-VMP6-2PWQ Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

Jenkins VAddy Plugin vulnerability exposes unencrypted keys to certain authenticated users

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53669

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53668

Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53668

The CVE concerns Jenkins VAddy Plugin prior to 1.2.9. The plugin stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, enabling access by users with Item/Extended Read permission or anyone with filesystem access to the controller. The root cause is unencrypted ...

CVE-2025-53669

CVE-2025-53669 affects the Jenkins VAddy Plugin (versions 1.2.8 and earlier). The vulnerability arises because Vaddy API Auth Keys are displayed on the job configuration form without masking, enabling potential observers to view or capture them. Impact is exposure of sensitive API keys, as descri...

CVE-2025-53669

Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

PT-2025-28921 · Jenkins · Jenkins Vaddy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins VAddy Plugin versions 1.2.8 and earlier Description: The Jenkins VAddy Plugin does not mask Vaddy API Auth Keys displayed on the job configuration form, potentially allowing attackers to observe and capture them. Recommendations: Upda...