9 matches found
Jenkins < 2.528.3, 2.541 Multiple Vulnerabilities - Linux
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:jenkins:jenkins"; if(description)...
CVE-2025-67637
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files
Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally...
CVE-2025-64144
Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...
A vulnerability in the Dead Man’s Snitch plugin for Jenkins servers, related to storing tokens in unencrypted form, allows attackers to gain unauthorized access to protected information.
The vulnerability in the Dead Man’s Snitch plugin for the Jenkins automation server is that tokens are stored in unencrypted form in the config.xml file. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information...
A vulnerability in the Dead Man’s Snitch plugin for Jenkins servers, related to storing tokens in unencrypted form, allows attackers to gain unauthorized access to protected information.
The vulnerability in the Dead Man’s Snitch plugin for the Jenkins automation server is that tokens are stored in unencrypted form in the config.xml file. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information...
A vulnerability in the Xooa plugin for the Jenkins automation server, related to storing tokens in unencrypted form, allows attackers to gain unauthorized access to protected information.
The vulnerability in the Xooa plugin for the Jenkins automation server is that tokens are stored in unencrypted form in the file io.jenkins.plugins.xooa.GlobConfig.xml. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
CVE-2022-34808
Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-27218
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...