
9 matches found

OpenVAS
added 2025/12/11 12:0 a.m., 4 views

Jenkins < 2.528.3, 2.541 Multiple Vulnerabilities - Linux

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:jenkins:jenkins"; if(description)...

CVSS 7.5, AI score 7.8, EPSS 0.00506
Exploits: 0, References: 4
Cvelist
added 2025/12/10 4:50 p.m., 29 views

CVE-2025-67637

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

EPSS 0.00153
Exploits: 0, References: 1
Github Security Blog
added 2025/10/29 3:31 p.m., 12 views

Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files

Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally...

CVSS 4.3, AI score 6.7, EPSS 0.00158
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2025/10/29 1:29 p.m., 3 views

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system...

AI score 6.5, EPSS 0.00158
Exploits: 0, References: 1
BDU FSTEC
added 2025/07/16 12:0 a.m., 5 views

The vulnerability of the Dead Man’s Snitch plugin in Jenkins servers, related to the storage of tokens in unencrypted form, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Dead Man’s Snitch plugin in the Jenkins automation server lies in the fact that tokens are stored in an unencrypted form in the config.xml file. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information...

CVSS 6.8, AI score 5.5, EPSS 0.00205
Exploits: 0, References: 2, Affected Software: 1
BDU FSTEC
added 2025/07/16 12:0 a.m., 6 views

The vulnerability of the Dead Man’s Snitch plugin in Jenkins servers, related to the storage of tokens in unencrypted form, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Dead Man’s Snitch plugin in the Jenkins automation server lies in the fact that tokens are stored in an unencrypted form in the config.xml file. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information...

CVSS 5.3, AI score 5.5, EPSS 0.00262
Exploits: 0, References: 2, Affected Software: 1
BDU FSTEC
added 2025/07/16 12:0 a.m., 4 views

The vulnerability of the Jenkins automation server plugin Xooa lies in the storage of tokens in an unencrypted form, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Jenkins automation server plugin Xooa is related to the storage of tokens in an unencrypted form in the file io.jenkins.plugins.xooa.GlobConfig.xml. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

CVSS 5.3, AI score 5.5, EPSS 0.00252
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2022/06/30 6:15 p.m., 3 views

CVE-2022-34808

Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVSS 4.3, AI score 5.9, EPSS 0.00557
Exploits: 0, References: 2
ATTACKERKB
added 2022/03/15 5:15 p.m., 2 views

CVE-2022-27218

Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 4.3, AI score 5.9, EPSS 0.00719
Exploits: 0, References: 3