Jenkins ByteGuard Build Actions Plugin API Token Exposure Vulnerability

Vulnerability

A vulnerability exists in the Jenkins ByteGuard Build Actions Plugin, version 1.0 and earlier: the plugin stores its API tokens unencrypted in job configuration files (config.xml) on the Jenkins controller. Because the tokens are written as plain text rather than through Jenkins' encrypted Secret handling, they can be read by users with Item/Extended Read permission (which exposes a job's config.xml through the web UI) and by anyone with access to the controller's file system. In addition, the job configuration form does not mask the token field, so the token is also visible on screen to anyone who can view or edit the job configuration.
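The practical check a Jenkins administrator wants here is whether any job configuration on the controller still holds a plaintext token. The following scanner is an added example, not code from the advisory or from the ByteGuard plugin: it walks a JENKINS_HOME for config.xml files and flags sensitive-looking elements whose text is not in the "{base64}" form that hudson.util.Secret writes. The element name apiToken, the build-step class name example.ByteGuardBuildStep, and the token value in the embedded samples are constructed assumptions; the advisory does not name the actual XML field, which is why the scanner matches element names by pattern rather than by an exact tag.

```python
"""Scan Jenkins job config.xml files for secrets stored in plain text.

Added example; the element and class names below are assumptions, the
advisory only states that the plugin writes API tokens unencrypted.
"""
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Element names that usually carry credentials (assumption: the plugin's real
# field name is not given by the advisory, so match generically).
SENSITIVE_NAME = re.compile(r"(token|secret|password|api_?key)", re.IGNORECASE)

# Values written via hudson.util.Secret look like "{AQAAABAAAA...}":
# base64 ciphertext wrapped in braces. Anything else is treated as plaintext.
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")


def _walk(elem, path=""):
    """Yield (path, element) for every descendant, path relative to the root."""
    for child in elem:
        tag = child.tag.split("}")[-1]          # drop any namespace prefix
        child_path = f"{path}/{tag}" if path else tag
        yield child_path, child
        yield from _walk(child, child_path)


def find_plaintext_secrets(config_xml: str):
    """Return [(element_path, value)] for sensitive elements not stored as a Secret."""
    root = ET.fromstring(config_xml)
    findings = []
    for path, elem in _walk(root):
        tag = path.rsplit("/", 1)[-1]
        text = (elem.text or "").strip()
        if not text or not SENSITIVE_NAME.search(tag):
            continue
        if ENCRYPTED_SECRET.match(text):
            continue                             # encrypted by Jenkins, fine
        findings.append((path, text))
    return findings


def scan_jenkins_home(jenkins_home: Path):
    """Map each config.xml under jobs/ (folders included) to its findings."""
    report = {}
    for cfg in sorted((jenkins_home / "jobs").rglob("config.xml")):
        try:
            hits = find_plaintext_secrets(cfg.read_text(encoding="utf-8"))
        except ET.ParseError as exc:
            hits = [("<parse error>", str(exc))]
        if hits:
            report[str(cfg)] = hits
    return report


# Constructed sample: how a vulnerable plugin version leaves the token on disk.
VULNERABLE_CONFIG = """<project>
  <description>nightly build</description>
  <builders>
    <example.ByteGuardBuildStep plugin="byteguard-build-actions@1.0">
      <apiToken>bg_live_0123456789abcdef</apiToken>
      <projectId>42</projectId>
    </example.ByteGuardBuildStep>
  </builders>
</project>
"""

# Constructed sample: the same step after the field is persisted as a Secret.
FIXED_CONFIG = """<project>
  <builders>
    <example.ByteGuardBuildStep plugin="byteguard-build-actions@1.1">
      <apiToken>{AQAAABAAAAAwZmFrZS1jaXBoZXJ0ZXh0LWZvci1pbGx1c3RyYXRpb24=}</apiToken>
      <projectId>42</projectId>
    </example.ByteGuardBuildStep>
  </builders>
</project>
"""


if __name__ == "__main__":
    if len(sys.argv) == 2:
        for path, hits in scan_jenkins_home(Path(sys.argv[1])).items():
            for elem_path, value in hits:
                print(f"{path}: {elem_path} = {value[:6]}...")   # never echo full tokens
    else:
        print("vulnerable sample:", find_plaintext_secrets(VULNERABLE_CONFIG))
        print("fixed sample:", find_plaintext_secrets(FIXED_CONFIG))
```

Run it as `python scan.py /var/lib/jenkins` on the controller (or against a backup of JENKINS_HOME). Any hit means the token should be treated as compromised and rotated at ByteGuard, not just re-entered. The usual Jenkins remediation for plugin authors is to declare the field as hudson.util.Secret, which XStream then persists in the braced encrypted form the scanner accepts, and to render it with the f:password Jelly control so the configuration form masks it; this is the general Jenkins pattern, not a statement about what this plugin's fix contains.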

Impact

The vulnerability allows unauthorized users to read the plugin's API tokens, either through a job's config.xml (Item/Extended Read or file-system access) or from the unmasked configuration form, and to reuse those tokens wherever the ByteGuard service accepts them. A token disclosed this way should be treated as compromised and rotated; updating the plugin alone does not revoke it.

Added: Oct 29, 2025, 2:22 PM
Updated: Oct 29, 2025, 2:22 PM

Vulnerability Rating

Custom Algorithm
spread          4.5
impact          5.0
exploitability  4.9
remediation     7.7
relevance       0.9
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.