Cross-site Scripting (XSS)

Jenkins Applitools Eyes Plugin is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the plugin not escaping the Applitools URL on the build page, where attackers with Item/Configure permission can exploit it to inject malicious scripts...

The vulnerability of the Applitools Eyes plugin in Jenkins automation servers, related to the storage of keys in an open manner, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Applitools Eyes plugin in Jenkins automation servers lies in the fact that keys are stored in an open manner within the config.xml configuration file. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected...

The vulnerability of the Applitools Eyes plugin in Jenkins automation servers, related to the storage of information in an open manner, allows a malicious actor to gain unauthorized access to the protected information.

The vulnerability of the Applitools Eyes plugin in Jenkins automation servers lies in the fact that information is stored in an open manner within the config.xml configuration file. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to the...

The vulnerability of the Applitools Eyes plugin in Jenkins automation servers, related to the lack of security measures for website structure protection, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Applitools Eyes plugin in Jenkins automation servers is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the job configuration form, where API keys are not masked. An attacker can obtain sensitive credentials by viewing the exposed API keys during job configuration. Remediation Upgrade...

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the storage of unencrypted API keys in config.xml files. An attacker can access sensitive information by obtaining Item/Extended Read permissions or direct access to the controller file...

GHSA-Q92V-3F4W-5XG8 Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users

Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

GHSA-JMRV-RXGR-PHVR Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-53742

Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53743

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-53658

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2025-53658

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2025-53743

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-53658

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

Jenkins plugin Applitools Eyes 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

Jenkins plugin Applitools Eyes 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

Jenkins plugin Applitools Eyes 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

PT-2025-28931 · Cloudbees +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier Description: The Jenkins Applitools Eyes Plugin stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller. Users with Item/Extended Read permission or...

PT-2025-28910 · Jenkins · Jenkins Applitools Eyes Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier Description: The Jenkins Applitools Eyes Plugin does not properly escape the Applitools URL displayed on the build page, leading to a stored cross-site scripting XSS issue. An attacke...

io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.27.4 <=1.27.5.1), io.jenkins.plugins:code-coverage-api (>=4.2.0 <=4.7.0) +12 more potentially affected by CVE-2023-32977 via org.jenkins-ci.plugins.workflow:workflow-job (>=0.1-beta-1 <=1292.v27d8cc3e2602)

org.jenkins-ci.plugins.workflow:workflow-job MAVEN version =0.1-beta-1, =1.27.4, =4.2.0, =1.17.vd2468d9c5e85, =0.1-beta-1, =1.14, =1.16.4 - org.jenkins-ci.plugins:gradle =2.12.0.1 - org.jenkins-ci.plugins:inline-pipeline =1.0.3 Source cves: CVE-2023-32977 Source advisory: OSV:GHSA-2WVV-PHHW-QVMC...