44 matches found
CVE-2019-16545
Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...
EUVD-2025-20855
Malicious code in bioql PyPI...
EUVD-2022-3201
Malicious code in bioql PyPI...
EUVD-2022-2958
Malicious code in bioql PyPI...
CVE-2025-53660
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins QMetry Test Management Plugin vulnerability exposes API keys
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins QMetry Test Management Plugin stores unencrypted API keys
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the job configuration form, where sensitive Qmetry Automation API Keys are not properly masked. An attacker can gain unauthorized access to confidential credentials by viewing the...
Credential Exposure
Overview Affected versions of this package are vulnerable to Credential Exposure via the storage of sensitive Qmetry Automation API Keys in plaintext within config.xml files. An attacker can obtain confidential credentials by gaining Item/Extended Read permission or accessing the Jenkins controll...
CVE-2025-53660
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53660
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53660
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53660
CVE-2025-53660 affects Jenkins QMetry Test Management Plugin 1.13 and earlier. The vulnerability stems from Qmetry Automation API Keys being stored unencrypted in job config.xml and displayed on the job configuration form without masking, enabling observers with Item/Extended Read permissions or ...
CVE-2025-53660
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2025-53659
Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
PT-2025-28912 · Jenkins · Jenkins Qmetry Test Management Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins QMetry Test Management Plugin versions 1.13 and earlier Description: The Jenkins QMetry Test Management Plugin does not properly protect Qmetry Automation API Keys. These keys are stored unencrypted in job config.xml files on the...