CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

Published Oct 30, 2025

https://github.com/advisories/GHSA-23vj-j6jc-w892

CVSS ScoreMedium

4.3

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

Published Oct 30, 2025

https://github.com/advisories/GHSA-23vj-j6jc-w892

CVSS ScoreMedium

4.3


maven	org.jenkins-ci.plugins/curseforge-publisher	1.0

Ecosystem	Package	Version


maven	org.jenkins-ci.plugins/curseforge-publisher	1.0

Find vulnerabilities. Fix fast with AI.

CVE-2025-64146

CVE-2025-64146