← volver
CVE-2025-64143

CVE-2025-64143

CVSS 4.3 MEDIUMEPSS 0.2%CWE-311
Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
Jenkins Project · Jenkins OpenShift Pipeline Plugin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3553http://www.openwall.com/lists/oss-security/2025/10/29/2