15 matches found
GHSA-4653-9Q2R-684Q Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files
Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of...
Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files
Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of...
CVE-2025-64143
Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...
EUVD-2022-1914
Malicious code in bioql PyPI...
EUVD-2022-6364
Malicious code in bioql PyPI...
EUVD-2023-2142
Malicious code in bioql PyPI...
EUVD-2023-1934
Malicious code in bioql PyPI...
EUVD-2022-4487
Malicious code in bioql PyPI...
CVE-2022-36908
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload an SSH key file from the Jenkins controller file system to an...
CVE-2020-2155
Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure...
CVE-2023-37947
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb1a20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks...
CVE-2023-37946
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb1a20 and earlier does not invalidate the previous session on login...
@ambers/helios (>=0.10.0 <=0.13.5), @cloudmosaic/quickstarts (>=1.0.0-rc.0 <=1.0.0-rc.1) +181 more potentially affected by unknown CVE via showdown (>=0.0.1 <=1.9.0)
showdown NPM version =0.0.1, =0.10.0, =1.0.0-rc.0, =1.0.0, =1.0.0-alpha.1, =2.0.0, =0.4.0, =1.6.3, =5.2.1, =0.0.11, =0.0.9, =0.0.2, =1.0.0, =1.0.1, =2.4.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-H6MQ-3CJ6-H738...
CloudBees Jenkins OpenShift Pipeline Plugin Remote Code Execution Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor continuous software release and testing projects and some scheduled tasks. OpenShift Pipeline Plugin is a plug-in used in it with the ability to deploy...
Input validation
A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...