CNNVD-202510-4001 Information
CNNVD ID
CNNVD-202510-4001
Related CVE
- CNNVD Published: 2025-10-29
Description (Chinese)
Jenkins Curseforge Publisher Plugin是Jenkins开源的一个自动化发布插件。 Jenkins Curseforge Publisher Plugin 1.0版本存在安全漏洞,该漏洞源于未加密存储API密钥,可能导致用户通过Item或Extended Read权限或访问Jenkins控制器文件系统查看密钥。
Description (English)
Jenkins Curseforge Publisher Plugin is an automated distribution plugin for Jenkins ’ open source. The security loophole in version 1.0 of Jenkins Curseforge Publisher Plugin stems from the unencrypted storage of the API key, which may lead users to view the key through Item or Extended Read privileges or access to the Jenkins controller file system.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Jenkins
Published
2025-10-29
Last Modified
2026-02-24
References
https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3562 https://access.redhat.com/security/cve/cve-2025-64146
Patch
https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3562
Share on: