EUVD-2025-20844

Malicious code in bioql PyPI...

The vulnerability of the Nouvola DiveCloud plugin for Jenkins’ automation server, related to the storage of keys in an unencrypted form, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Nouvola DiveCloud plugin in the Jenkins automation server lies in the fact that keys are stored in an unencrypted form in the config.xml file. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information...

The vulnerability of the Nouvola DiveCloud plugin for Jenkins’ automation server, related to the storage of keys in an unencrypted form, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Nouvola DiveCloud plugin for Jenkins-based automation servers lies in the storage of keys in an unencrypted form within the config.xml file. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information...

GHSA-45HR-8GQ6-7F7F Jenkins Nouvola DiveCloud Plugin vulnerability stores unencrypted credentials

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53671

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-53671

CVE-2025-53671 affects Jenkins Nouvola DiveCloud Plugin (versions 1.08 and earlier). The root cause is that DiveCloud API keys and Credentials Encryption Keys are displayed on the job configuration form and not masked, enabling observers with appropriate access to view them. Impact is exposure of...

PT-2025-28923 · Jenkins · Jenkins Nouvola Divecloud Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Nouvola DiveCloud Plugin versions 1.08 and earlier Description: The Jenkins Nouvola DiveCloud Plugin does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, potentially allowing...

PT-2025-28922 · Jenkins · Jenkins Nouvola Divecloud Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Nouvola DiveCloud Plugin versions prior to 1.09 Description: The Jenkins Nouvola DiveCloud Plugin stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in config.xml files on the Jenkins controller. Users with...

Jenkins plugin Nouvola DiveCloud 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. Jenkins plugin...