PT-2025-45667 — Missing Encryption of Sensitive Data in Maven Com.Openshift.Jenkins:Openshift-Pipeline

PT-2025-45667 · Maven · Com.Openshift.Jenkins:Openshift-Pipeline

Published

2025-10-29

Updated

2025-10-29

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration.

These token can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

As of publication of this advisory, there is no fix.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

GHSA-4653-9Q2R-684Q

Affected Products

Com.Openshift.Jenkins:Openshift-Pipeline

PT-2025-45667 · Maven · Com.Openshift.Jenkins:Openshift-Pipeline

Weakness Enumeration

Related Identifiers

Affected Products

References · 5