EUVD-2025-20836

Malicious code in bioql PyPI...

The vulnerability of the User1st uTester plugin in the Jenkins automation server, related to the storage of tokens in unencrypted form, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the User1st uTester plugin for the Jenkins automation server lies in the fact that tokens are stored in an unencrypted form in the file io.jenkins.plugins.user1st.utester.UTesterPlugin.xml. Exploiting this vulnerability could allow a malicious actor to gain unauthorized acces...

Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users

Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

GHSA-W4XV-MJ6V-P4G2 Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users

Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVE-2025-53678

Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVE-2025-53678

Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVE-2025-53678

Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVE-2025-53678

CVE-2025-53678 affects Jenkins User1st uTester Plugin versions 1.1 and earlier. The vulnerability is that the uTester JWT token is stored unencrypted in the plugin’s global configuration file on the Jenkins controller, allowing any user with access to the controller’s filesystem to view the token...

PT-2025-28930 · Jenkins · Jenkins User1St Utester Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins User1st uTester Plugin versions 1.1 and earlier Description: The Jenkins User1st uTester Plugin stores the uTester JWT JSON Web Token token unencrypted in its global configuration file on the Jenkins controller. This allows users with...