EUVD-2025-9534

Malicious code in bioql PyPI...

EUVD-2022-6999

Malicious code in bioql PyPI...

GHSA-P9GH-RPJW-78QG Jenkins QMetry Test Management Plugin stores unencrypted API keys

QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

Jenkins QMetry Test Management Plugin vulnerability exposes API keys

QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

Jenkins QMetry Test Management Plugin stores unencrypted API keys

QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53670

The CVE-2025-53670 entry applies to Jenkins Nouvola DiveCloud Plugin, affected versions prior to 1.09. The underlying issue is that DiveCloud API Keys and Credentials Encryption Keys are stored unencrypted in job config.xml files on the Jenkins controller, making them readable by users with Item/...

CVE-2025-53659

CVE-2025-53659 affects the Jenkins QMetry Test Management Plugin 1.13 and earlier. The vulnerability arises because QMetry Automation API Keys are stored unencrypted in job config.xml files on the Jenkins controller and can be viewed by users with Item/Extended Read permission or by anyone with a...

PT-2025-28931 · Cloudbees +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier Description: The Jenkins Applitools Eyes Plugin stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller. Users with Item/Extended Read permission or...

PT-2025-28920 · Jenkins · Jenkins Vaddy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins VAddy Plugin versions prior to 1.2.9 Description: The Jenkins VAddy Plugin stores VAddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller. These keys are accessible to users with Item/Extended Read permission...

CVE-2022-43419

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-31727

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-31727

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVE-2025-31724

The CVE-2025-31724 issue affects the Jenkins Cadence vManager Plugin (versions up to 4.0.0-282.v5096a_c2db_275 and earlier). The root cause is unencrypted storage of Verisium Manager vAPI keys in job config.xml files on the Jenkins controller, exposing keys to users with Extended Read permission ...

PT-2025-14517 · Jenkins · Jenkins Asakusasatellite Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AsakusaSatellite Plugin versions 0.1.1 and earlier Description: The issue concerns the storage of AsakusaSatellite API keys in an unencrypted manner within job config.xml files on the Jenkins controller. This allows users with...

CVE-2022-43419

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

PT-2022-22355 · Jenkins · Jenkins Opsgenie Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpsGenie Plugin versions 1.9 and earlier Description: The issue concerns the storage of API keys in an unencrypted manner within the global configuration file and job config.xml files on the Jenkins controller. These keys can be...

Jenkins Plugin OpsGenie 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...