PT-2025-44292 · Jenkins · Jenkins Openshift Pipeline Plugin+1

Published: 2025-10-29 · Updated: 2025-11-04 · CVE-2025-64143

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins OpenShift Pipeline Plugin versions 1.0.57 and earlier

Description

The Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted within config.xml files on the Jenkins controller. These files are accessible to users possessing Item/Extended Read permission or those with access to the Jenkins controller file system. This allows unauthorized viewing of sensitive authorization tokens.

Recommendations

Update to a newer version of the Jenkins OpenShift Pipeline Plugin that addresses this issue.
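
To find jobs exposed by the plaintext storage described above, the following added example (not code from the advisory or the plugin) scans job config.xml files for token-like elements whose value is not in the `{base64}` form Jenkins uses for encrypted Secret fields. Matching on "token" in the tag name is an assumption, and the element names in the constructed sample are hypothetical, not the plugin's actual field names.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Jenkins writes hudson.util.Secret fields as "{<base64 ciphertext>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumption: token-bearing elements have "token" in the tag name.
SUSPECT_TAG = re.compile(r"token", re.IGNORECASE)
# Jenkins emits an XML 1.1 declaration, which Python's expat-based parser does not accept.
XML_DECL = re.compile(r"^\s*<\?xml.*?\?>", re.DOTALL)

# Constructed sample; element names are hypothetical, values are fake.
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <builders>
    <hypothetical.OpenShiftStep>
      <apiURL>https://openshift.example.invalid:8443</apiURL>
      <authToken>constructed-plaintext-value</authToken>
      <backupToken>{AQAAABAAAAAQY29uc3RydWN0ZWQ=}</backupToken>
    </hypothetical.OpenShiftStep>
  </builders>
</project>
"""


def plaintext_token_fields(xml_text):
    """Return (tag, value_length) for token-like elements stored unencrypted."""
    root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    findings = []
    for elem in root.iter():
        value = (elem.text or "").strip()
        if value and SUSPECT_TAG.search(elem.tag) and not ENCRYPTED.match(value):
            findings.append((elem.tag, len(value)))  # report length, never the secret
    return findings


def audit_jenkins_home(jenkins_home):
    """Scan job config.xml files; return (findings_by_path, unparseable_paths)."""
    report, unparsed = {}, []
    for cfg in sorted(Path(jenkins_home).glob("jobs/**/config.xml")):
        try:
            hits = plaintext_token_fields(cfg.read_text(encoding="utf-8", errors="replace"))
        except ET.ParseError:
            unparsed.append(str(cfg))  # review by hand rather than silently skip
            continue
        if hits:
            report[str(cfg)] = hits
    return report, unparsed
```

Any token reported here should be treated as exposed and rotated after the plugin is updated, since users with Item/Extended Read may already have read it.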

Fix

Missing Encryption of Sensitive Data

Weakness Enumeration

Related Identifiers

CVE-2025-64143
GHSA-4653-9Q2R-684Q

Affected Products

Jenkins
Jenkins Openshift Pipeline Plugin