Lucene search
K

8 matches found

Veracode
Veracode
added 2025/12/13 4:18 a.m.7 views

Sensitive Information Disclosure

Jenkins Curseforge Publisher Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing API keys in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the Jenkins controller to view and misuse the...

4.3CVSS6.8AI score0.00158EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/29 3:31 p.m.6 views

EUVD-2025-36646

Jenkins Curseforge Publisher Plugin does not mask API Keys displayed on the job configuration form...

4.3CVSS6.4AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2025/10/29 3:31 p.m.7 views

GHSA-23VJ-J6JC-W892 Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files

Jenkins Curseforge Publisher Plugin 1.0 and earlier stores API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the j...

4.3CVSS6.8AI score0.00158EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/10/29 3:31 p.m.12 views

Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files

Jenkins Curseforge Publisher Plugin 1.0 and earlier stores API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the j...

4.3CVSS6.7AI score0.00158EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/10/29 2:15 p.m.6 views

CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS0.00158EPSS
Exploits0References2
CVE
CVE
added 2025/10/29 1:29 p.m.13 views

CVE-2025-64147

CVE-2025-64147 affects the Jenkins Curseforge Publisher Plugin (version 1.0). The vulnerability is that API Keys are displayed unmasked on the job configuration form and stored unencrypted in config files, enabling users with sufficient permissions to observe/capture credentials. Public documents...

4.3CVSS6.5AI score0.00237EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/10/29 1:29 p.m.10 views

CVE-2025-64147

Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

0.00237EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.9 views

Jenkins Curseforge Publisher Plugin 安全漏洞

Jenkins Curseforge Publisher Plugin is an automated publishing plugin for Jenkins open source. A security vulnerability exists in version 1.0 of the Jenkins Curseforge Publisher Plugin that stems from unencrypted storage of API keys, which could lead to a user viewing the keys via Item or Extende...

4.3CVSS6.4AI score0.00158EPSS
Exploits0References2
Rows per page
Query Builder