Launch Week Day 1: Announcing Security Design Review
Start for Free
MEDIUM 4.3 Maven

Jenkins's build authorization token is stored and displayed in plain text

GHSA-hxjg-2jvf-h3rx · BIT-jenkins-2025-67638 · CVE-2025-67638

Published · Modified

Description

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes