46 matches found
CVE-2019-16545
Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...
EUVD-2025-20855
Malicious code in bioql PyPI...
EUVD-2022-2958
Malicious code in bioql PyPI...
EUVD-2022-3201
Malicious code in bioql PyPI...
CVE-2025-53660
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
The vulnerability of the QMetry Test Management plugin for Jenkins’ automation server lies in the fact that the API keys of Qmetry Automation are stored publicly, allowing an attacker to gain unauthorized access to the protected information.
The vulnerability of the QMetry Test Management plugin for the Jenkins server relates to the storage of Qmetry Automation API keys in an open manner within the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the QMetry Test Management plugin for Jenkins’ automation server lies in the fact that the API keys of Qmetry Automation are stored publicly, allowing an attacker to gain unauthorized access to the protected information.
The vulnerability of the QMetry Test Management plugin for the Jenkins automation server lies in the fact that API keys from Qmetry Automation are stored publicly in the config.xml file. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
Jenkins QMetry Test Management Plugin stores unencrypted API keys
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins QMetry Test Management Plugin vulnerability exposes API keys
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the job configuration form, where sensitive Qmetry Automation API Keys are not properly masked. An attacker can gain unauthorized access to confidential credentials by viewing the...
Credential Exposure
Overview Affected versions of this package are vulnerable to Credential Exposure via the storage of sensitive Qmetry Automation API Keys in plaintext within config.xml files. An attacker can obtain confidential credentials by gaining Item/Extended Read permission or accessing the Jenkins controll...
CVE-2025-53660
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53660
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53660
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53660
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53660
CVE-2025-53660 affects Jenkins QMetry Test Management Plugin 1.13 and earlier. The vulnerability stems from Qmetry Automation API Keys being stored unencrypted in job config.xml and displayed on the job configuration form without masking, enabling observers with Item/Extended Read permissions or ...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...