Key information

Vulnerability description
Jenkins Security Advisory 2025-07-09 - Describes security vulnerabilities in multiple plugins, including improper credential handling, file path information disclosure, missing input validation, and plaintext storage of API keys and tokens.

Vulnerability details
Credentials Binding Plugin - Incorrect credential marking may lead to disclosure of sensitive information.
HTML Publisher Plugin - File path information is disclosed in HTML.
Git Parameter Plugin - Parameter values lack input validation.
Aqua Security Scanner Plugin, Statistics Gathering Plugin, ReadyAPI Functional Testing Plugin, Applitools Eyes Plugin, QMetry Test Management Plugin, Testigma Test Plan run Plugin, IFTTT Build Notifier Plugin, IBM Cloud DevOps Plugin, Spica Loadtest Plugin, Dead Man's Snitch Plugin, Maddy Plugin, Novoza DexCloud Plugin, Kryptonite Plugin, Sentredis Api Plugin, Warrior Framework Plugin, Xoon Plugin, Userlist Ufacast Plugin - Each stores and displays API keys, tokens, or credentials in plaintext.

Severity
Critical, High, Medium, Low (the same plugins are listed under each level): Jenkins CLI Plugin, Credentials Binding Plugin, HTML Publisher Plugin, Git Parameter Plugin, Aqua Security Scanner Plugin, Statistics Gathering Plugin, ReadyAPI Functional Testing Plugin, Applitools Eyes Plugin, QMetry Test Management Plugin, Testigma Test Plan run Plugin, IFTTT Build Notifier Plugin, IBM Cloud DevOps Plugin, Spica Loadtest Plugin, Dead Man's Snitch Plugin, Maddy Plugin, Novoza DexCloud Plugin, Kryptonite Plugin, Sentredis Api Plugin, Warrior Framework Plugin, Xoon Plugin, Userlist Ufacast Plugin

Affected versions
Lists the specific plugin versions that are affected.

Fixes
Provides remediation advice and updated versions for each vulnerability.

Credits
Thanks to the security researchers who discovered and reported these vulnerabilities.