Cleartext Transmission of Sensitive Information Affecting io.jenkins.plugins:byteguard-build-actions package, versions [0,]
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-JAVA-IOJENKINSPLUGINS-13775574
- published30 Oct 2025
- disclosed29 Oct 2025
- creditHamadache Mohamed
Introduced: 29 Oct 2025
NewCVE-2025-64145 (opens in a new tab)How to fix?
There is no fixed version for io.jenkins.plugins:byteguard-build-actions.
Overview
io.jenkins.plugins:byteguard-build-actions is a ByteGuard adds a human verification step to your most consequential scripts. We use a mechanism similar to multifactor authentication for soliciting approval from team members before a function executes. This functionality can be used to safeguard against human error, workflow errors, and bugs in automation. Below are the steps to use byteguard-build-actions plugin.
Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the storage of API keys in unencrypted form within config.xml job. A user with Item/Extended Read permission or access to the Jenkins controller file system can obtain sensitive API tokens by accessing the Jenkins controller file system or by viewing the job configuration form.