Publish Advisories

GHSA-2vmr-8c82-x8xq
GHSA-4653-9q2r-684q
GHSA-j7r7-7qmf-xq87
GHSA-rh72-238f-g26q
GHSA-2vmr-8c82-x8xq
GHSA-4653-9q2r-684q
GHSA-j7r7-7qmf-xq87
GHSA-rh72-238f-g26q

Author: advisory-database[bot]

advisories/github-reviewed/2025/10/GHSA-2vmr-8c82-x8xq/GHSA-2vmr-8c82-x8xq.json

@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2vmr-8c82-x8xq",
+  "modified": "2025-10-29T22:01:34Z",
+  "published": "2025-10-29T15:31:56Z",
+  "aliases": [
+    "CVE-2025-64144"
+  ],
+  "summary": "Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files",
+  "details": "Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration.\n\nThese tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.\n\nAdditionally, the job configuration form does not mask these credentials, increasing the potential for attackers to observe and capture them.\n\nAs of publication of this advisory, there is no fix.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "io.jenkins.plugins:byteguard-build-actions"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "1.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64144"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/jenkinsci/byteguard-build-actions-plugin"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3560"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-311"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-29T22:01:34Z",
+    "nvd_published_at": "2025-10-29T14:15:59Z"
+  }
+}

advisories/github-reviewed/2025/10/GHSA-4653-9q2r-684q/GHSA-4653-9q2r-684q.json

@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4653-9q2r-684q",
+  "modified": "2025-10-29T22:02:03Z",
+  "published": "2025-10-29T15:31:56Z",
+  "aliases": [
+    "CVE-2025-64143"
+  ],
+  "summary": "Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files",
+  "details": "Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration.\n\nThese token can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.\n\nAs of publication of this advisory, there is no fix.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "com.openshift.jenkins:openshift-pipeline"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "1.0.57"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64143"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/jenkinsci/openshift-pipeline-plugin"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3553"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-311"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-29T22:02:03Z",
+    "nvd_published_at": "2025-10-29T14:15:58Z"
+  }
+}

advisories/github-reviewed/2025/10/GHSA-j7r7-7qmf-xq87/GHSA-j7r7-7qmf-xq87.json

@@ -0,0 +1,65 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j7r7-7qmf-xq87",
+  "modified": "2025-10-29T22:03:43Z",
+  "published": "2025-10-29T15:31:56Z",
+  "aliases": [
+    "CVE-2025-64131"
+  ],
+  "summary": "Jenkins SAML Plugin does not implement a replay cache",
+  "details": "Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache.\n\nThis allows attackers able to obtain information about the SAML authentication flow between a user’s web browser and Jenkins to replay those requests, authenticating to Jenkins as that user.\n\nSAML Plugin 4.583.585.v22ccc1139f55 implements a replay cache that rejects replayed requests.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.jenkins-ci.plugins:saml"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "4.583.585.v22ccc1139f55"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64131"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jenkinsci/saml-plugin/commit/6170b1013daf52770de29a66aeb57893aae1d7d6"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/jenkinsci/saml-plugin"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3613"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-294"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-29T22:03:43Z",
+    "nvd_published_at": "2025-10-29T14:15:57Z"
+  }
+}

advisories/github-reviewed/2025/10/GHSA-rh72-238f-g26q/GHSA-rh72-238f-g26q.json

@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rh72-238f-g26q",
+  "modified": "2025-10-29T22:02:42Z",
+  "published": "2025-10-29T15:31:56Z",
+  "aliases": [
+    "CVE-2025-64140"
+  ],
+  "summary": "Jenkins Azure CLI Plugin does not restrict the commands it executes",
+  "details": "Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller.\n\nThis allows attackers with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller.\n\nAs of publication of this advisory, there is no fix.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.jenkins-ci.plugins:azure-cli"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "0.9"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64140"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/jenkinsci/azure-cli-plugin"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3538"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-10-29T22:02:42Z",
+    "nvd_published_at": "2025-10-29T14:15:58Z"
+  }
+}