4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-64144

GHSA ID

GHSA-2vmr-8c82-x8xq

EPSS Score

CWE

CWE-311

Published

10/29/2025

Updated

10/29/2025

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-64144

CVE-2025-64144: Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files

Jenkins ByteGuard Build Actions Plugin 1.0 and earlier stores API tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration.

These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Additionally, the job configuration form does not mask these credentials, increasing the potential for attackers to observe and capture them.

As of publication of this advisory, there is no fix.

(GitHub Advisory)

4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-64144

GHSA ID

GHSA-2vmr-8c82-x8xq

EPSS Score

CWE

CWE-311

Published

10/29/2025

Updated

10/29/2025

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
io.jenkins.plugins:byteguard-build-actions	maven	<= 1.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

J*nkins *yt**u*r* *uil* **tions Plu*in *.* *n* **rli*r stor*s *PI tok*ns un*n*rypt** in jo* `*on*i*.xml` *il*s on t** J*nkins *ontroll*r *s p*rt o* its *on*i*ur*tion. T**s* tok*ns **n ** vi*w** *y us*rs wit* It*m/*xt*n*** R*** p*rmission or ****ss t

Reasoning

No *n*lysis *v*il**l*

4.3

Basic Information

Concerned about an active attack path?

CVE-2025-64144: Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI