Cleartext Transmission of Sensitive Information Affecting io.jenkins.plugins:byteguard-build-actions package, versions [0,]


Severity

medium

CVSS assessment by Snyk's Security Team.

  • Snyk ID: SNYK-JAVA-IOJENKINSPLUGINS-13776496
  • Published: 30 Oct 2025
  • Disclosed: 29 Oct 2025
  • Credit: Hamadache Mohamed

Introduced: 29 Oct 2025

CVE-2025-64144
CWE-319

How to fix?

There is no fixed version for io.jenkins.plugins:byteguard-build-actions.

Overview

io.jenkins.plugins:byteguard-build-actions is a Jenkins plugin for ByteGuard, which adds a human verification step to your most consequential scripts. ByteGuard uses a mechanism similar to multifactor authentication to solicit approval from team members before a function executes. This functionality can be used to safeguard against human error, workflow errors, and bugs in automation. Below are the steps to use the byteguard-build-actions plugin.

Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information because API tokens are stored unencrypted in the job's config.xml file. An attacker can gain unauthorized access to these credentials with Item/Extended Read permission or direct access to the Jenkins controller file system. Additionally, the job configuration form does not mask these values, so the credentials may be exposed there as well.
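The following audit is an added example, not part of the advisory or the plugin's code. It flags job config.xml fields that look like credentials but are not in the brace-wrapped encrypted form Jenkins writes for hudson.util.Secret values. The element names, the name pattern and the sample XML are assumptions constructed for illustration, since the advisory does not name the plugin's config elements.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: credential fields are recognised by name. The advisory does not
# give the plugin's real element names, so this pattern is illustrative.
SECRET_NAME = re.compile(r"(token|api[-_]?key|secret|password)", re.I)
# Jenkins writes hudson.util.Secret fields as base64 wrapped in braces.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

def plaintext_secret_fields(xml_text):
    """Return tag names of secret-looking leaf elements holding unencrypted text."""
    # Jenkins emits an XML 1.1 declaration; Python's expat parser only
    # accepts XML 1.0, so drop the declaration before parsing.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text, count=1)
    hits = []
    for elem in ET.fromstring(body).iter():
        value = (elem.text or "").strip()
        if len(elem) == 0 and value and SECRET_NAME.search(elem.tag):
            if not ENCRYPTED.match(value):
                hits.append(elem.tag)  # report the field name, never the value
    return hits

def scan_jenkins_home(home):
    """Map each job config.xml under <home>/jobs to its flagged field names."""
    findings = {}
    for cfg in Path(home).glob("jobs/**/config.xml"):
        try:
            text = cfg.read_text(encoding="utf-8", errors="replace")
            fields = plaintext_secret_fields(text)
        except ET.ParseError:
            fields = ["<unparseable config>"]  # surface it rather than skip it
        if fields:
            findings[str(cfg)] = fields
    return findings

# Constructed sample: one plaintext field, one encrypted field, one non-secret.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <example.ByteGuardStep>
    <apiToken>constructed-plaintext-value</apiToken>
    <otherToken>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQ=}</otherToken>
    <taskId>42</taskId>
  </example.ByteGuardStep>
</project>"""

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(scan_jenkins_home(target) if target else plaintext_secret_fields(SAMPLE))
```

Run it with the Jenkins home directory as its only argument. Any token it flags should be treated as exposed to everyone with Item/Extended Read on that job.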
