PT-2025-44294 · Jenkins · Jenkins Byteguard Build Actions Plugin+1
Published
2025-10-29
·
Updated
2025-11-04
·
CVE-2025-64145
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins ByteGuard Build Actions Plugin version 1.0
Description
The Jenkins ByteGuard Build Actions Plugin version 1.0 does not properly mask API tokens displayed on the job configuration form. This can allow attackers to observe and capture these tokens, potentially leading to unauthorized access or actions.
Recommendations
Update to a newer version of the Jenkins ByteGuard Build Actions Plugin that addresses this issue.
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Byteguard Build Actions Plugin