145 matches found
CVE-2026-7860
A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...
EUVD-2026-30891
A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...
Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build
A security vulnerability in the Vaadin Maven plugin and Vaadin Gradle plugin exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. See CWE-209 Generation of Error Message Containing Sensitive Information Description A possibl...
EUVD-2023-1976
Malicious code in bioql PyPI...
EUVD-2023-2390
Malicious code in bioql PyPI...
EUVD-2022-2271
Malicious code in bioql PyPI...
EUVD-2022-4204
Malicious code in bioql PyPI...
EUVD-2022-1841
Malicious code in bioql PyPI...
EUVD-2022-0614
Malicious code in bioql PyPI...
EUVD-2022-7372
Malicious code in bioql PyPI...
EUVD-2022-7371
Malicious code in bioql PyPI...
EUVD-2025-12534
Malicious code in bioql PyPI...
Logging of Excessive Data
Overview org.jenkins-ci.plugins:htmlpublisher is a plugin for Jenkins that publishes HTML reports. Affected versions of this package are vulnerable to Logging of Excessive Data in the publishReports functionality. An attacker can obtain sensitive information about the file system structure by...
GHSA-9768-HPRV-CRJ5 Jenkins Credentials Binding Plugin vulnerability can expose sensitive information in logger messages
Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log. Credentials Binding Plugin 687.689.v1af775332fc9 rethrows exceptions that contain credentials,...
CVE-2025-53650
Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log...
CVE-2025-53651
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...
CVE-2025-53651
CVE-2025-53651 affects the Jenkins HTML Publisher Plugin, 425 and earlier. The issue arises because log messages include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller filesystem in build logs. The Connected ...
PT-2025-28902 · Jenkins · Jenkins Credentials Binding Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 687.v619cb15e923f and earlier. Description: The Jenkins Credentials Binding Plugin does not properly mask credentials present in exception error messages written to the build log. This can lead to t...