Lucene search
K

126 matches found

CVE
CVE
added 2026/06/24 1:20 p.m.9 views

CVE-2026-57302

CVE-2026-57302 affects the Jenkins FitNesse Plugin, specifically version 1.36 and earlier. The root cause is unencrypted password storage in the job config.xml files on the Jenkins controller, enabling disclosure to users with Extended Read permission or anyone with access to the controller files...

4.3CVSS5.9AI score0.00178EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/18 6:31 p.m.6 views

EUVD-2026-12847

Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS5.8AI score0.00142EPSS
Exploits0References2
NVD
NVD
added 2026/03/18 4:16 p.m.9 views

CVE-2026-33003

Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/18 3:15 p.m.5 views

CVE-2026-33003

Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS5.8AI score0.00142EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.13 views

CVE-2019-16542

Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.7AI score0.00852EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/12/10 6:30 p.m.9 views

Jenkins's build authorization token is stored and displayed in plain text

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS6.8AI score0.00153EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/08 1:57 p.m.9 views

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS6.8AI score0.00179EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/29 1:29 p.m.4 views

CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

6.5AI score0.00158EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-2174

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.01632EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5766

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00927EPSS
Exploits0References3
OSV
OSV
added 2025/07/09 4:15 p.m.3 views

CVE-2025-53675

Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

6.5CVSS5.8AI score0.00291EPSS
Exploits0References2
OSV
OSV
added 2025/07/09 4:15 p.m.5 views

CVE-2025-53656

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...

6.5CVSS5.8AI score0.00347EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.6 views

PT-2025-28916 · WordPress +1 · Jenkins Apica Loadtest Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Apica Loadtest Plugin versions 1.10 and earlier Description: The Jenkins Apica Loadtest Plugin stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller. These tokens are accessible ...

6.8CVSS6.1AI score0.00314EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.5 views

PT-2025-28931 · Cloudbees +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier Description: The Jenkins Applitools Eyes Plugin stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller. Users with Item/Extended Read permission or...

6.8CVSS6.1AI score0.00197EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/07/09 12:0 a.m.7 views

PT-2025-28905 · Jenkins · Jenkins Aqua Security Scanner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Aqua Security Scanner Plugin versions 3.2.8 and earlier Description: The Jenkins Aqua Security Scanner Plugin stores Scanner Tokens for the Aqua API unencrypted in job config.xml files on the Jenkins controller. These tokens are...

4.3CVSS5.9AI score0.00191EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/23 3:42 a.m.8 views

CVE-2023-30523

Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS6.7AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:18 p.m.8 views

CVE-2020-2132

Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.8AI score0.00852EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.10 views

CVE-2019-10385

Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.7AI score0.01482EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:14 a.m.21 views

CVE-2019-10283

Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS6.7AI score0.01773EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:12 a.m.8 views

CVE-2019-10452

Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

4.3CVSS6.8AI score0.00469EPSS
Exploits0References1
Rows per page
Query Builder