GHSA-CCWP-633J-G29V Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
ReadyAPI Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files as part of its configuration. These project passwords can be viewed by attackers with Extended Read permission or access to the Jenkins controller file system. ReadyAPI Functional Testi...
GHSA-3F82-V3QW-53Q7 Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin
Stash Branch Parameter Plugin stores Stash API passwords in its global configuration file org.jenkinsci.plugins.StashBranchParameter.StashBranchParameterDefinition.xml on the Jenkins controller as part of its configuration. While the password is stored encrypted on disk, it is transmitted in plai...
GHSA-HJ32-9MCW-5CWH Missing permission check in Jenkins Project Inheritance Plugin
Jenkins limits access to job configuration XML data config.xml to users with Job/ExtendedRead permission, typically implied by Job/Configure permission. Project Inheritance Plugin has several job inspection features, including the API URL /job/…/getConfigAsXML for its Inheritance Project job typ...
GHSA-W53Q-R5CW-6VJH Missing permission check in Jenkins Project Inheritance Plugin
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...
GHSA-4WX5-C723-XVWV Credentials stored in plain text by Jenkins Copr Plugin
Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files as part of its configuration. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system. Copr Plugin 0.6.1 stores these credentials encrypted. This chang...
GHSA-Q2WV-M3PQ-XPV9 Credentials transmitted in plain text by Skytap Cloud CI Plugin
Skytap Cloud CI Plugin stores credentials in job config.xml files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Skytap Cloud CI Plugin 2.07 and earlier. These credentials could be viewed by...
Credentials transmitted in plain text by Jenkins DeployHub Plugin
DeployHub Plugin stores credentials in job config.xml files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by DeployHub Plugin 8.0.14 and earlier. These credentials could be viewed by users wit...
Credentials transmitted in plain text by Backlog Plugin
Backlog Plugin stores credentials in job config.xml files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Backlog Plugin 2.4 and earlier. These credentials could be viewed by users with...
GHSA-8MJP-8C2X-3G7W Jenkins QMetry for JIRA Plugin stored credentials in plain text
Jenkins QMetry for JIRA - Test Management Plugin stored credentials unencrypted in job config.xml files on the Jenkins controller as part of its post-build step configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system...
GHSA-3P8R-P4Q5-MC44 Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
Violation Comments to GitLab Plugin stored API tokens unencrypted in job config.xml files and its global configuration file org.jenkinsci.plugins.jvctgl.ViolationsToGitLabGlobalConfiguration.xml on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, o...
Jenkins Git Changelog Plugin has Insufficiently Protected Credentials
Git Changelog Plugin stored MediaWiki and Jira passwords unencrypted in job config.xml files on the Jenkins controller. These passwords could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Git Changelog Plugin now stores these passwords encrypte...
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Inedo ProGet Plugin Plugin stores a service password in its global Jenkins configuration. While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the password through browser extensions, cross-site...
GHSA-9678-5F6F-WP3F Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
Beaker builder Plugin stored the Beaker password unencrypted on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. Beaker builder Plugin now stores these credentials encrypted...
GHSA-VWX8-QPQH-QWM9 Jenkins Maven Release Plug-in Plugin stored credentials in plain text
Jenkins Maven Release Plug-in Plugin stored credentials unencrypted in its global configuration file org.jvnet.hudson.plugins.m2release.M2ReleaseBuildWrapper.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. Maven Release...
GHSA-Q736-RGCP-Q443 Jenkins Gogs Plugin stored credentials in plain text
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Gogs Plugin now stores credentials encrypted...