Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can b ...
Continue Reading
July 09, 2025
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to ob ...
Continue Reading
July 09, 2025
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewe ...
Continue Reading
July 09, 2025
Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file com.sensedia.configuration.SensediaApiConfiguration.xml on ...
Continue Reading
July 09, 2025
QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewe ...
Continue Reading
July 09, 2025
Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file org.aerogear.kryptowire.GlobalConfigurationImpl.xml on the Jenkins controller as pa ...
Continue Reading
July 09, 2025
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by u ...
Continue Reading
July 09, 2025
Jenkins Testsigma Test Plan run Plugin stores Testsigma API keys in job config.xml files on the Jenkins controller as part of its configuration. While these API keys are stored encrypted on disk, in T ...
Continue Reading
July 09, 2025
Back to Main
