4.3
CVE-2025-64147
- EPSS 0.02%
- Veröffentlicht 29.10.2025 13:29:50
- Zuletzt bearbeitet 04.11.2025 22:16:41
- Quelle jenkinsci-cert@googlegroups.co
- CVE-Watchlists
- Unerledigt
LoginJenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jenkins ≫ Curseforge Publisher Version1.0 SwPlatformjenkins
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.025 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-311 Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.