VYPR

OpenShift Pipeline Plugin

by Jenkins Project

CVEs (3)

  • CVE-2020-2167HigMar 25, 2020
    risk 0.57cvss 8.8epss 0.02

    Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

  • CVE-2024-9453MedJul 4, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the…

  • CVE-2025-64143Oct 29, 2025
    risk 0.00cvss epss 0.00

    Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.