Sensitive Information Exposure

org.jenkins-ci.plugins, curseforge-publisher is vulnerable to sensitive information exposure. The vulnerability is due to improper masking of API keys on the job configuration form, which allows an attacker to observe and capture the exposed credentials...

Sensitive Information Disclosure

Jenkins Curseforge Publisher Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing API keys in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the Jenkins controller to view and misuse the...

CVE-2025-64147

Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

Cleartext Transmission of Sensitive Information

Overview org.jenkins-ci.plugins:curseforge-publisher is a This plugin allows users to upload build artifacts to CurseForge as mod releases. Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the storage of API keys in unencrypted form within...

Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form

Jenkins Curseforge Publisher Plugin 1.0 and earlier stores API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the j...

EUVD-2025-36646

Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form...

Cleartext Transmission of Sensitive Information

Overview org.jenkins-ci.plugins:curseforge-publisher is a This plugin allows users to upload build artifacts to CurseForge as mod releases. Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the storage of API keys in unencrypted form within...

Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files

Jenkins Curseforge Publisher Plugin 1.0 and earlier stores API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the j...

GHSA-23VJ-J6JC-W892 Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files

Jenkins Curseforge Publisher Plugin 1.0 and earlier stores API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the j...

EUVD-2025-36647

Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files...

CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64147

Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-64147

Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64147

CVE-2025-64147 affects the Jenkins Curseforge Publisher Plugin (version 1.0). The vulnerability is that API Keys are displayed unmasked on the job configuration form and stored unencrypted in config files, enabling users with sufficient permissions to observe/capture credentials. Public documents...

CVE-2025-64147

Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-64147

Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64146

CVE-2025-64146 affects the Jenkins Curseforge Publisher Plugin (version 1.0) and older, where API keys are stored unencrypted in job config.xml on the Jenkins controller. This configuration data can be viewed by users with Item/Extended Read permission or by anyone with access to the Jenkins cont...