CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

Published Oct 30, 2025

https://github.com/advisories/GHSA-2vmr-8c82-x8xq

CVSS ScoreMedium

5.3

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-64144

Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

Published Oct 30, 2025

https://github.com/advisories/GHSA-2vmr-8c82-x8xq

CVSS ScoreMedium

5.3


maven	io.jenkins.plugins/byteguard-build-actions	1.0

Ecosystem	Package	Version


maven	io.jenkins.plugins/byteguard-build-actions	1.0

Find vulnerabilities. Fix fast with AI.

CVE-2025-64144

CVE-2025-64144