Vulnerabilities

CVE-2025-64146

by Fred · 29/10/2025

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

More information : https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3562

Similar

Tags: Cybersecurity Alert