Vulnerability Database

296,853

Total vulnerabilities in the database

CVE-2025-64143

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration.

These token can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

As of publication of this advisory, there is no fix.

Published: Oct 29, 2025
Updated: Oct 30, 2025
CVE: CVE-2025-64143
GHSA: GHSA-4653-9q2r-684q
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-311

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
com.openshift.jenkins / openshift-pipeline	-	1.0.57.x

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3553

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo