126 matches found
CVE-2026-57302
CVE-2026-57302 affects the Jenkins FitNesse Plugin, specifically version 1.36 and earlier. The root cause is unencrypted password storage in the job config.xml files on the Jenkins controller, enabling disclosure to users with Extended Read permission or anyone with access to the controller files...
EUVD-2026-12847
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2026-33003
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2026-33003
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2019-16542
Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Jenkins's build authorization token is stored and displayed in plain text
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-64143
Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-64146
Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...
EUVD-2022-2174
Malicious code in bioql PyPI...
EUVD-2022-5766
Malicious code in bioql PyPI...
CVE-2025-53675
Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53656
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file...
PT-2025-28916 · WordPress +1 · Jenkins Apica Loadtest Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Apica Loadtest Plugin versions 1.10 and earlier Description: The Jenkins Apica Loadtest Plugin stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller. These tokens are accessible ...
PT-2025-28931 · Cloudbees +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier Description: The Jenkins Applitools Eyes Plugin stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller. Users with Item/Extended Read permission or...
PT-2025-28905 · Jenkins · Jenkins Aqua Security Scanner Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Aqua Security Scanner Plugin versions 3.2.8 and earlier Description: The Jenkins Aqua Security Scanner Plugin stores Scanner Tokens for the Aqua API unencrypted in job config.xml files on the Jenkins controller. These tokens are...
CVE-2023-30523
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2020-2132
Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10385
Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10283
Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10452
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...