
18 matches found

Veracode
added 2025/12/13 4:43 a.m. · 3 views

Insertion Of Sensitive Information

Jenkins Kryptowire Plugin is vulnerable to insertion of sensitive information. The vulnerability is due to storing the Kryptowire API key in an unencrypted global configuration file, which allows an attacker with access to the Jenkins controller file system to retrieve the API key...

CVSS 6.5 · AI score 5.8 · EPSS 0.00105
Exploits: 0 · References: 4 · Affected Software: 1

RedhatCVE
added 2025/07/11 3:42 p.m. · 5 views

CVE-2025-53672

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVSS 6.5 · AI score 7 · EPSS 0.00105
Exploits: 0 · References: 1

Github Security Blog
added 2025/07/09 6:30 p.m. · 6 views

Jenkins Kryptowire Plugin vulnerability stores unencrypted Kryptowire API key

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file org.aerogear.kryptowire.GlobalConfigurationImpl.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controlle...

CVSS 6.5 · AI score 6.1 · EPSS 0.00105
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2025/07/09 6:30 p.m. · 2 views

GHSA-CVG7-767R-W3FQ Jenkins Kryptowire Plugin vulnerability stores unencrypted Kryptowire API key

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file org.aerogear.kryptowire.GlobalConfigurationImpl.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controlle...

CVSS 6.5 · AI score 6 · EPSS 0.00105
Exploits: 0 · References: 4

Snyk
added 2025/07/09 4:48 p.m. · 1 views

Credential Exposure

Overview Affected versions of this package are vulnerable to Credential Exposure due to the storage of sensitive credentials in plaintext within the global configuration file on the controller file system. An attacker can obtain confidential information by gaining access to the file system...

CVSS 6.8 · AI score 6.7 · EPSS 0.00105
Exploits: 0 · References: 2

NVD
added 2025/07/09 4:15 p.m. · 3 views

CVE-2025-53672

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVSS 6.5 · EPSS 0.00105
Exploits: 0 · References: 2

OSV
added 2025/07/09 4:15 p.m. · 4 views

CVE-2025-53672

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVSS 6.5 · AI score 6.7
Exploits: 0 · References: 2

Vulnrichment
added 2025/07/09 3:39 p.m. · 1 views

CVE-2025-53672

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

AI score 7 · EPSS 0.00105
Exploits: 0 · References: 1

Cvelist
added 2025/07/09 3:39 p.m. · 6 views

CVE-2025-53672

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

EPSS 0.00105
Exploits: 0 · References: 1

CVE
added 2025/07/09 3:39 p.m. · 13 views

CVE-2025-53672

CVE-2025-53672 affects Jenkins Kryptowire Plugin 0.2 and earlier. It stores the Kryptowire API key unencrypted in the plugin’s global configuration file on the Jenkins controller, enabling access to the key by users with file-system access to the Jenkins controller. This is the stated root ca...

CVSS 6.5 · AI score 6.5 · EPSS 0.00105
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2025/07/09 12:0 a.m. · 1 views

Jenkins plugin Kryptowire Security Vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 6.5 · AI score 6.1 · EPSS 0.00105
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/09 12:0 a.m. · 2 views

PT-2025-28924 · Jenkins · Jenkins Kryptowire Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Kryptowire Plugin versions 0.2 and earlier Description: The Jenkins Kryptowire Plugin stores the Kryptowire API key unencrypted in its global configuration file org.aerogear.kryptowire.GlobalConfigurationImpl.xml on the Jenkins...

CVSS 6.8 · AI score 5.8 · EPSS 0.00105
Exploits: 0 · References: 6

The Hacker News
added 2022/06/02 10:9 a.m. · 45 views

Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones

A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet. "Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in...

CVSS 10 · AI score 0.2 · EPSS 0.00357
Exploits: 0

CERT
added 2018/08/14 12:0 a.m. · 581 views

Android and iOS apps contain multiple vulnerabilities

Overview Android apps, including those pre-installed on some mobile devices, contain multiple vulnerabilities. All of these vulnerabilities were reported by Kryptowire. Vulnerabilities in pre-installed apps were presented at DEF CON 26 and a set of different vulnerabilities were previously...

CVSS 7.5 · AI score 7.9 · EPSS 0.0011
Exploits: 0 · References: 6

ThreatPost
added 2017/08/01 12:39 p.m. · 9 views

Amazon Halts Sale of Android Blu Phone Amid Spyware Concerns

Android phone maker Blu Products was dealt a blow Monday when Amazon said it would no longer sell its phones, citing security and privacy issues. The phone maker came under scrutiny last week by researchers at Kryptowire during a Black Hat session where they criticized the company for collecting...

AI score 1.2
Exploits: 0 · References: 2

ThreatPost
added 2017/07/26 8:57 p.m. · 10 views

Android Spyware Still Collects PII Despite Outcry

UPDATE LAS VEGAS—Shanghai Adups Technology Co. was roundly criticized Wednesday during a Black Hat session for continuing to use spyware called Adups on at least two Android handset makers’ phones. Researchers said the company was still collecting personal identifiable information without user...

AI score 1.5
Exploits: 0

ThreatPost
added 2016/11/21 3:20 p.m. · 13 views

Backdoor Found in Firmware of Some Android Devices

Nearly three million Android devices are vulnerable to an attack that could allow a hacker to compromise over-the-air OTA updates to the devices and allow adversaries to remotely execute commands with root privileges. The problem stems from what researchers call an insecure implementation of an O...

AI score 1.1
Exploits: 0 · References: 4

The Hacker News
added 2016/11/15 7:46 p.m. · 25 views

Pre-installed Backdoor On 700 Million Android Phones Sending Users' Data To China

Do you own an Android smartphone? You could be one of those 700 Million users whose phone is secretly sending text messages to China every 72 hours. You heard that right. Over 700 Million Android smartphones contain a secret 'backdoor' that surreptitiously sends all your text messages, call log,...

AI score 6.8
Exploits: 0