CVE-2019-16573

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

EUVD-2025-36655

Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files...

Cleartext Transmission of Sensitive Information

Overview com.openshift.jenkins:openshift-pipeline is an OpenShift Pipeline Jenkins Plugin. Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to storing authorization tokens unencrypted in config.xml. An attacker can access sensitive informatio...

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-64143

The CVE-2025-64143 issue affects the Jenkins OpenShift Pipeline Plugin, version 1.0.57 and earlier, which stores authorization tokens unencrypted in job config.xml on the Jenkins controller. This allows users with Item/Extended Read permission or control‑plane access to view tokens, exposing sens...

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

PT-2025-44292

Name of the Vulnerable Software and Affected Versions Jenkins OpenShift Pipeline Plugin versions 1.0.57 and earlier Description The Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted within config.xml files on the Jenkins controller. These files are accessible to users...

Jenkins OpenShift Pipeline Plugin 安全漏洞

Jenkins OpenShift Pipeline Plugin is an open source pipeline plugin for Jenkins. A security vulnerability exists in Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier versions, which stems from an authorization token that is not encrypted and stored in the job config.xml file of the Jenkins...

EUVD-2023-1394

Malicious code in bioql PyPI...

EUVD-2022-3658

Malicious code in bioql PyPI...

EUVD-2022-5517

Malicious code in bioql PyPI...

EUVD-2023-1224

Malicious code in bioql PyPI...

EUVD-2023-1184

Malicious code in bioql PyPI...

EUVD-2022-3922

Malicious code in bioql PyPI...

EUVD-2023-2079

Malicious code in bioql PyPI...

EUVD-2022-4342

Malicious code in bioql PyPI...

EUVD-2022-3440

Malicious code in bioql PyPI...

CVE-2023-28677

Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...

CVE-2022-28157

Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server...