Jenkins Security Advisory 2025-07-09: Multiple Plugin Vulnerabilities including Credential Exposure and Input Validation Issues

Key Information Vulnerability Description Jenkins Security Advisory 2025-07-09 - Describes multiple security vulnerabilities found in various plugins, including: - Improper credential binding (Credentials Binding Plugin) - File path information disclosure (HTML Publisher Plugin) - Lack of input validation for parameter values (Git Parameter Plugin) - API keys and tokens stored and displayed in plaintext (multiple plugins) Affected Plugins Credentials Binding Plugin HTML Publisher Plugin Git Parameter Plugin Aqua Security Scanner Plugin Statistics Gathering Plugin ReedyAPI Functional Testing Plugin Applitools Eyes Plugin QMetry Test Management Plugin Testigma Test Plan run Plugin IFTTT Build Notifier Plugin IBM Cloud DevOps Plugin Spica Loadtest Plugin Dead Man's Snitch Plugin Maddy Plugin Novoza DexCloud Plugin Kryptonite Plugin Sentridus Api Platform Plugin Warrior Framework Plugin Xoon Plugin Userlist Ufacial Plugin Severity High: 14 plugins Medium: 6 plugins Low: 3 plugins Affected Versions Lists specific version ranges affected for each plugin Mitigation Provides remediation guidance and updated versions for each vulnerability Acknowledgments Thanks to security researchers and teams who discovered and reported these vulnerabilities

Goal Reached Thanks to every supporter — we hit 100%!

Jenkins Security Advisory 2025-07-09: Multiple Plugin Vulnerabilities including Credential Exposure and Input Validation Issues