Security
Headlines

Headlines Latest CVEs

Headline

GHSA-fxj7-6v9w-xc76: Jenkins's build authorization token is stored and displayed in plain text

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

1 day ago

#git #java #intel #auth #maven

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-67637

Jenkins’s build authorization token is stored and displayed in plain text

Moderate severity GitHub Reviewed Published Dec 10, 2025 to the GitHub Advisory Database • Updated Dec 10, 2025

Package

maven org.jenkins-ci.main:jenkins-core (Maven)

Affected versions

>= 2.529, < 2.541

< 2.528.3

Patched versions

2.541

2.528.3

Description

Published to the GitHub Advisory Database

Dec 10, 2025

Last updated

Dec 10, 2025

EPSS score

ghsa: Latest News

GHSA-qgc4-8p88-4w7m: Servify-express rate limit issue

4 hours ago

GHSA-9449-rphm-mjqr: AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

5 hours ago

GHSA-fw33-qpx7-rhx2: Vulnerability discovered in gardenctl versions < v2.12.0

6 hours ago

GHSA-g754-hx8w-x2g6: quic-go HTTP/3 QPACK Header Expansion DoS

6 hours ago

GHSA-8xqm-6fj2-hfgf: PowerJob has a server-side request forgery vulnerability in PingPongUtils.java

7 hours ago