PT-2025-45778 — Missing Encryption of Sensitive Data em Maven Jenkins Byteguard Build Actions Plugin

PT-2025-45778 · Maven · Jenkins Byteguard Build Actions Plugin

Publicado

2025-10-29

Atualizado

2025-10-29

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration.

These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Additionally, the job configuration form does not mask these credentials, increasing the potential for attackers to observe and capture them.

As of publication of this advisory, there is no fix.

Correção

Missing Encryption of Sensitive Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311

Identificadores relacionados

GHSA-VMM2-53RC-43V3

Produtos afetados

Jenkins Byteguard Build Actions Plugin

PT-2025-45778 · Maven · Jenkins Byteguard Build Actions Plugin

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5