8 matches found
Sensitive Information Disclosure
Jenkins Curseforge Publisher Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing API keys in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the Jenkins controller to view and misuse the...
EUVD-2025-36646
Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form...
GHSA-23VJ-J6JC-W892 Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files
Jenkins Curseforge Publisher Plugin 1.0 and earlier stores API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the j...
Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files
Jenkins Curseforge Publisher Plugin 1.0 and earlier stores API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the j...
CVE-2025-64146
Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-64147
CVE-2025-64147 affects the Jenkins Curseforge Publisher Plugin (version 1.0). The vulnerability is that API Keys are displayed unmasked on the job configuration form and stored unencrypted in config files, enabling users with sufficient permissions to observe/capture credentials. Public documents...
CVE-2025-64147
Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
Jenkins Curseforge Publisher Plugin 安全漏洞
Jenkins Curseforge Publisher Plugin is an automated publishing plugin for Jenkins open source. A security vulnerability exists in version 1.0 of the Jenkins Curseforge Publisher Plugin that stems from unencrypted storage of API keys, which could lead to a user viewing the keys via Item or Extende...