11 matches found
EUVD-2022-6021
Malicious code in bioql PyPI...
EUVD-2022-7458
Malicious code in bioql PyPI...
CVE-2025-53657
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, client secrets, and passwords displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53667
Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
GHSA-884F-P57J-F258 Jenkins ReadyAPI Functional Testing Plugin vulnerability stores unencrypted authentication credentials
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These credentials can be viewed by users with Item/Extended Read permission or acce...
Jenkins Nouvola DiveCloud Plugin vulnerability does not mask keys on its job configuration form
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53742
Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53662
Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-31724
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2025-31728
The CVE-2025-31728 entry concerns the Jenkins AsakusaSatellite Plugin (versions ≤ 0.1.1). Affected: AsakusaSatellite API keys are displayed in the job configuration form and are not masked, enabling observation/capture by users with permissions to view job configs or access the Jenkins controller...
PT-2025-14518 · Jenkins · Jenkins Asakusasatellite Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins AsakusaSatellite Plugin versions 0.1.1 and earlier Description: The issue concerns the exposure of AsakusaSatellite API keys on the job configuration form, which could allow attackers to observe and capture them. Recommendations: For...