12 matches found
CVE-2025-67637
CVE-2025-67637 affects Jenkins 2.540 and earlier, and LTS 2.528.2 and earlier. The issue is that build authorization tokens are stored unencrypted in job config.xml on the Jenkins controller, making them viewable by users with Item/Extended Read permission or with access to the controller filesys...
GHSA-VMM2-53RC-43V3 Jenkins ByteGuard Build Actions Plugin does not mask API tokens displayed on the job configuration form
Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally...
GHSA-23VJ-J6JC-W892 Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files
Jenkins Curseforge Publisher Plugin 1.0 and earlier stores API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the j...
PT-2025-44292
Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Pipeline Plugin versions 1.0.57 and earlier Description: The Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted within config.xml files on the Jenkins controller. These files are accessible to users...
PT-2025-44295
Name of the Vulnerable Software and Affected Versions: Jenkins Curseforge Publisher Plugin version 1.0 Description: The Jenkins Curseforge Publisher Plugin version 1.0 stores API Keys unencrypted in config.xml files on the Jenkins controller. These files are accessible to users with Item/Extended...
EUVD-2025-6148
Malicious code in bioql PyPI...
The vulnerability of the IFTTT Build Notifier plugin in the Jenkins automation server, related to the storage of keys in an exposed manner, allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the IFTTT Build Notifier plugin in the Jenkins automation server lies in the storage of keys in an open manner within the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the IBM Cloud DevOps server’s Jenkins plugin, related to the storage of keys in an open manner, allows a hacker to gain unauthorized access to protected information.
The vulnerability of the IBM Cloud DevOps server’s Jenkins plugin lies in the fact that keys are stored publicly in the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
Jenkins Plugin Ansible Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-34806
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
PT-2022-18840 · Jenkins · Jenkins Proxmox Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Proxmox Plugin versions 0.5.0 and earlier Description: The issue concerns the storage of the Proxmox Datacenter password in an unencrypted manner within the global config.xml file on the Jenkins controller. This allows users with acce...
PT-2020-15314 · Jenkins · Jenkins Fortify Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 19.1.29 and earlier Description: The issue concerns the storage of proxy server passwords in an unencrypted manner within job config.xml files on the Jenkins master. These passwords can be accessed by users who...