SB2025103105 - Multiple vulnerabilities in Jenkins ByteGuard Build Actions plugin
Published: October 31, 2025
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Cleartext storage of sensitive information (CVE-ID: CVE-2025-64144)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the affected plugin stores API tokens unencrypted in job config.xml files on the Jenkins controller. A remote user can gain access to sensitive information on the system.
2) Missing Encryption of Sensitive Data (CVE-ID: CVE-2025-64145)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the job configuration form does not mask the credentials. A remote user can gain access to sensitive information on the system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
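With no vendor fix available, an audit of the controller shows which jobs are exposed by CVE-2025-64144. The script below is an added example, not code from this bulletin or from the plugin: it reports secret-named elements in job config.xml files whose value is not in the `{base64}` form Jenkins uses for encrypted Secret fields. The element-name pattern and the sample configuration are assumptions, since the bulletin does not name the plugin's fields.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Jenkins serializes encrypted Secret fields as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumption: element names that suggest a credential; the bulletin does not
# name the plugin's actual fields.
SECRET_NAME = re.compile(r"token|secret|password|apikey", re.I)
# Jenkins writes an XML 1.1 declaration; drop it so parsing does not depend on
# the parser's handling of that version.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

# Constructed sample, not a real job configuration.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <builders>
    <example.HypotheticalBuilder>
      <apiToken>constructed-plaintext-value</apiToken>
      <backupToken>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQ=}</backupToken>
      <label>nightly</label>
    </example.HypotheticalBuilder>
  </builders>
</project>"""

def find_cleartext_secrets(xml_text):
    """Return paths of secret-named elements whose text is not encrypted."""
    root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    findings = []
    stack = [(root, "")]
    while stack:
        node, parent = stack.pop()
        path = f"{parent}/{node.tag}"
        value = (node.text or "").strip()
        if SECRET_NAME.search(node.tag) and value and not ENCRYPTED.match(value):
            findings.append(path)  # report the location only, never the value
        stack.extend((child, path) for child in node)
    return findings

def scan_jenkins_home(home):
    """Map each jobs/**/config.xml under `home` to its cleartext findings."""
    results = {}
    for cfg in Path(home).glob("jobs/**/config.xml"):
        try:
            hits = find_cleartext_secrets(cfg.read_text(encoding="utf-8", errors="replace"))
        except ET.ParseError:
            hits = ["<unparseable: review manually>"]
        if hits:
            results[str(cfg)] = hits
    return results
```

Run `scan_jenkins_home` against a copy of the Jenkins home directory; any token it flags should be treated as exposed and rotated.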