Maven package
com.openshift.jenkins/openshift-pipeline
pkg:maven/com.openshift.jenkins/openshift-pipeline
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-64143 | — | <= 1.0.57 | — | Oct 29, 2025 | Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | ||
| CVE-2020-2167 | — | < 1.0.57 | 1.0.57 | Mar 25, 2020 | Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
- CVE-2025-64143Oct 29, 2025affected <= 1.0.57
Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.
- CVE-2020-2167Mar 25, 2020affected < 1.0.57fixed 1.0.57
Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.