CNNVD-202510-4002 Information

CNNVD ID

CNNVD-202510-4002

Related CVE

CVE-2025-64145

• CNNVD Published: 2025-10-29

Description (Chinese)

Jenkins ByteGuard Build Actions Plugin是Jenkins开源的一个流水线验证插件。 Jenkins ByteGuard Build Actions Plugin 1.0版本存在安全漏洞，该漏洞源于未屏蔽作业配置表单上的API令牌，可能导致攻击者观察和捕获令牌。

Description (English)

Jenkins ByteGuard Build Actions Plugin is a current-line validation plugin for Jenkins ’ open source. There is a security loophole in version 1.0 of Jenkins ByteGuard Build Actions Plugin, which originates from the API token on the unshielded job configuration form, which may lead to the attackers observing and capturing the badge.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Jenkins

Published

2025-10-29

Last Modified

2026-02-24

References

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3560 https://access.redhat.com/security/cve/cve-2025-64145

Patch

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3560