Lucene search

9 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-0159

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.4 · EPSS 0.0028
Exploits 0 · References 3

OSV
added 2025/01/22 6:31 p.m. · 8 views

GHSA-FPW7-8GJC-JWQJ Cache confusion in Jenkins Eiffel Broadcaster Plugin

The Jenkins Eiffel Broadcaster Plugin allows events published to RabbitMQ to be signed using certificate credentials. To improve performance, the plugin caches some data from the credential. Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 both inclusive uses the credential ID as the cache key. Thi...

CVSS 4.3 · AI score 4.8 · EPSS 0.0028
Exploits 0 · References 3

Github Security Blog
added 2025/01/22 6:31 p.m. · 17 views

Cache confusion in Jenkins Eiffel Broadcaster Plugin

The Jenkins Eiffel Broadcaster Plugin allows events published to RabbitMQ to be signed using certificate credentials. To improve performance, the plugin caches some data from the credential. Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 both inclusive uses the credential ID as the cache key. Thi...

CVSS 4.3 · AI score 4.8 · EPSS 0.0028
Exploits 0 · References 3 · Affected Software 1

OSV
added 2025/01/22 5:15 p.m. · 2 views

CVE-2025-24400

Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 both inclusive uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with...

CVSS 4.3 · AI score 5.8 · EPSS 0.0028
Exploits 0 · References 1

NVD
added 2025/01/22 5:15 p.m. · 11 views

CVE-2025-24400

Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 both inclusive uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with...

CVSS 4.3 · EPSS 0.0028
Exploits 0 · References 1

Vulnrichment
added 2025/01/22 5:2 p.m. · 9 views

CVE-2025-24400

Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 both inclusive uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with...

AI score 6.7 · EPSS 0.0028
Exploits 0 · References 1

CVE
added 2025/01/22 5:2 p.m. · 752 views

CVE-2025-24400

CVE-2025-24400 affects the Jenkins Eiffel Broadcaster Plugin (versions 2.8.0–2.10.2). The vulnerability arises because the plugin uses the credential ID as the cache key during signing operations, allowing an attacker who can create a credential with the same ID in a different credentials store t...

CVSS 4.3 · AI score 6.4 · EPSS 0.0028
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2025/01/22 12:0 a.m. · 3 views

Jenkins plugin Eiffel Broadcaster security vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 4.3 · AI score 6.5 · EPSS 0.0028
Exploits 0 · References 3

Positive Technologies
added 2025/01/22 12:0 a.m. · 4 views

PT-2025-5358 · Jenkins · Jenkins Eiffel Broadcaster Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Eiffel Broadcaster Plugin versions 2.8.0 through 2.10.2
Description: The issue allows attackers to create a credential with the same ID as a legitimate one in a different credentials store, enabling them to sign an event published to...

CVSS 4.3 · AI score 7.1 · EPSS 0.0028
Exploits 0 · References 6