CNNVD-202510-4008 Information
CNNVD ID
CNNVD-202510-4008
Related CVE
- CNNVD Published: 2025-10-29
Description (Chinese)
Jenkins OpenShift Pipeline Plugin是Jenkins开源的一款流水线插件。 Jenkins OpenShift Pipeline Plugin 1.0.57及之前版本存在安全漏洞,该漏洞源于授权令牌未加密存储在Jenkins控制器的job config.xml文件中,可能导致用户通过Item或Extended Read权限或访问Jenkins控制器文件系统查看令牌。
Description (English)
Jenkins OpenShift Pipeline Plugin is an open-source water line plugin for Jenkins. There is a security loophole in Jenkins OpenShift Plugin 1.0.57 and earlier versions, which stems from the unencrypted-encrypted placard job config.xml file stored in the Jenkins controller, which may lead users to view the placard through Item or Extended Read privileges or access to the Jenkins controller file system.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Jenkins
Published
2025-10-29
Last Modified
2026-02-24
References
https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3553 https://access.redhat.com/security/cve/cve-2025-64143
Patch
https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3553
Share on: