Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31727 | 1 Jenkins | 1 Asakusasatellite | 2025-04-17 | N/A | 5.5 MEDIUM |
| Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
| CVE-2025-31728 | 1 Jenkins | 1 Asakusasatellite | 2025-04-17 | N/A | 5.5 MEDIUM |
| Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2025-30197 | 2025-03-21 | N/A | 3.1 LOW | ||
| Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it. | |||||
| CVE-2025-0148 | 2025-02-03 | N/A | 2.6 LOW | ||
| Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access. | |||||
| CVE-2024-10122 | 1 Topdata | 1 Inner Rep Plus | 2024-11-06 | 3.3 LOW | 4.9 MEDIUM |
| A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||