MEDIUM✓ PATCH🇬🇧 English

CVE-2025-31728

CVSS 5.5v3.1pub. 2025-04-02upd. 2025-04-17

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
  • Jenkins Asakusasatellite

    APP
    Jenkins
    ≤ 0.1.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
CI/CD
CWE
Referencje

Powiązane podatności

CVE-2025-31727MEDIUM5.5ten sam produkt

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.x...

CVE-2024-23897CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Jenkins CLI – odczyt dowolnych plików przez path traversal bez uwierzytelnienia

CVE-2019-1003030CRITICAL9.9⚠ KEVten sam vendor

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main...

CVE-2019-1003029CRITICAL9.9⚠ KEVten sam vendor

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/...

CVE-2018-1000861CRITICAL9.8⚠ KEVten sam vendor

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.13...

CVE-2025-31728 — MEDIUM 5.5 | CVEbaza.pl