20 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-2407

Malware in sbrugna...

CVSS 4.3 | AI score 4.6 | EPSS 0.00117
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-20837

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.3 | EPSS 0.00102
Exploits: 0 | References: 3

RedhatCVE
added 2025/07/11 3:42 p.m. | 5 views

CVE-2025-53676

Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVSS 6.5 | AI score 7 | EPSS 0.00105
Exploits: 0 | References: 1

Github Security Blog
added 2025/07/09 6:30 p.m. | 6 views

Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token

Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it...

CVSS 5.3 | AI score 7 | EPSS 0.00102
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/07/09 6:30 p.m. | 4 views

GHSA-23J7-PX3W-JWP2 Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token

Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it...

CVSS 4.3 | AI score 6.6 | EPSS 0.00102
Exploits: 0 | References: 4

Snyk
added 2025/07/09 4:48 p.m. | 1 view

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the global configuration form where the Xooa Deployment Token is displayed in plain text. An attacker can obtain sensitive authentication credentials by viewing the configuration form. Remediation...

CVSS 6.7 | AI score 7 | EPSS 0.00102
Exploits: 0 | References: 2

Snyk
added 2025/07/09 4:48 p.m. | 1 view

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure in the storage of the Xooa Deployment Token in the global configuration file on the Jenkins controller. An attacker can gain unauthorized access to sensitive credentials by obtaining access to the Jenkins controller...

CVSS 6.8 | AI score 7 | EPSS 0.00105
Exploits: 0 | References: 2

OSV
added 2025/07/09 4:15 p.m. | 1 view

CVE-2025-53677

Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 2

OSV
added 2025/07/09 4:15 p.m. | 1 view

CVE-2025-53676

Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 2

Cvelist
added 2025/07/09 3:39 p.m. | 5 views

CVE-2025-53677

Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it...

EPSS 0.00102
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/09 3:39 p.m. | 4 views

CVE-2025-53677

Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it...

AI score 7 | EPSS 0.00102
Exploits: 0 | References: 1

CVE
added 2025/07/09 3:39 p.m. | 12 views

CVE-2025-53676

Summary: CVE-2025-53676 affects the Jenkins Xooa Plugin (versions in the 0.0.7 line and earlier). Affected software: Jenkins Xooa Plugin 0.0.7 and earlier. The issue is that stored deployment tokens are kept unencrypted in the plugin’s global configuration file on the Jenkins controller, exposing them...

CVSS 6.5 | AI score 6.5 | EPSS 0.00105
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/07/09 3:39 p.m. | 3 views

CVE-2025-53676

Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

AI score 7 | EPSS 0.00105
Exploits: 0 | References: 1

Cvelist
added 2025/07/09 3:39 p.m. | 5 views

CVE-2025-53676

Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

EPSS 0.00105
Exploits: 0 | References: 1

Positive Technologies
added 2025/07/09 12:00 a.m. | 1 view

PT-2025-28929 · Jenkins · Jenkins Xooa Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Xooa Plugin versions 0.0.7 and earlier Description: The Jenkins Xooa Plugin does not mask the Xooa Deployment Token on the global configuration form, potentially allowing attackers to observe and capture it. Recommendations: Update to...

CVSS 5.3 | AI score 6.1 | EPSS 0.00102
Exploits: 0 | References: 6

CNNVD
added 2025/07/09 12:00 a.m. | 2 views

Jenkins plugin Xooa security vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 5.3 | AI score 6.2 | EPSS 0.00102
Exploits: 0 | References: 2

CNNVD
added 2022/08/31 12:00 a.m. | 2 views

GitLab authorization issue vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab. An attacker exploited the...

CVSS 7.4 | AI score 7 | EPSS 0.00169
Exploits: 0 | References: 4

Github Security Blog
added 2021/11/18 3:46 p.m. | 31 views

Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys

Impact Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email. Generating a node auto-deployment token. At no point would any data be exposed to the malicious user, this would simply...

CVSS 4.3 | AI score 0.4 | EPSS 0.00117
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2021/11/17 8:15 p.m. | 9 views

CVE-2021-41273

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment...

CVSS 4.3 | EPSS 0.00117
Exploits: 0 | References: 2

Prion
added 2021/11/17 8:15 p.m. | 14 views

Cross site request forgery (csrf)

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment...

CVSS 4.3 | AI score 4.8 | EPSS 0.00117
Exploits: 0 | References: 2 | Affected Software: 1