CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53670
https://notcve.org/view.php?id=CVE-2025-53670
09 Jul 2025 — Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3526 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53669
https://notcve.org/view.php?id=CVE-2025-53669
09 Jul 2025 — Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3527 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53668
https://notcve.org/view.php?id=CVE-2025-53668
09 Jul 2025 — Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3527 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53667
https://notcve.org/view.php?id=CVE-2025-53667
09 Jul 2025 — Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3524 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53666
https://notcve.org/view.php?id=CVE-2025-53666
09 Jul 2025 — Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3524 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53665
https://notcve.org/view.php?id=CVE-2025-53665
09 Jul 2025 — Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3540 • CWE-256: Plaintext Storage of a Password •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53664
https://notcve.org/view.php?id=CVE-2025-53664
09 Jul 2025 — Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3540 • CWE-256: Plaintext Storage of a Password •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53663
https://notcve.org/view.php?id=CVE-2025-53663
09 Jul 2025 — Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3552 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53662
https://notcve.org/view.php?id=CVE-2025-53662
09 Jul 2025 — Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3541 • CWE-256: Plaintext Storage of a Password •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53661
https://notcve.org/view.php?id=CVE-2025-53661
09 Jul 2025 — Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3515 • CWE-522: Insufficiently Protected Credentials •