16 matches found
CVE-2023-50777
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
EUVD-2025-9527
Malicious code in bioql PyPI...
EUVD-2022-1948
Malicious code in bioql PyPI...
EUVD-2023-0319
Malicious code in bioql PyPI...
EUVD-2022-5112
Malicious code in bioql PyPI...
EUVD-2022-6781
Malicious code in bioql PyPI...
EUVD-2022-6348
Malicious code in bioql PyPI...
EUVD-2022-6248
Malicious code in bioql PyPI...
CVE-2025-53674
Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2025-53678
Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
CVE-2025-53655
CVE-2025-53655 affects Jenkins Statistics Gatherer Plugin versions 2.0.3 and earlier. The root issue is that the AWS Secret Key is stored unencrypted in the global configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml on the Jenkins controller and is not masked in...
CVE-2023-30521
A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...
CVE-2022-34186
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2019-16566
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24456
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login...
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...