12 matches found
CVE-2025-31728
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
GHSA-FV9Q-FQ62-C6QG Jenkins AsakusaSatellite Plugin Stores API Keys Unencrypted in Job `config.xml` Files
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins AsakusaSatellite Plugin Stores API Keys Unencrypted in Job `config.xml` Files
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-31728
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-31727
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-31728
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-31728
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-31728
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-31727
CVE-2025-31727 affects the Jenkins AsakusaSatellite Plugin (versions 0.1.1 and earlier). The root cause is unencrypted storage of AsakusaSatellite API keys in job config.xml files on the Jenkins controller, which can be viewed by users with Item/Extended Read permission or access to the file syst...
CVE-2025-31727
Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
PT-2025-14517 · Jenkins · Jenkins Asakusasatellite Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins AsakusaSatellite Plugin versions 0.1.1 and earlier Description: The issue concerns the storage of AsakusaSatellite API keys in an unencrypted manner within job config.xml files on the Jenkins controller. This allows users with...
PT-2025-14518 · Jenkins · Jenkins Asakusasatellite Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins AsakusaSatellite Plugin versions 0.1.1 and earlier Description: The issue concerns the exposure of AsakusaSatellite API keys on the job configuration form, which could allow attackers to observe and capture them. Recommendations: For...