CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53743
https://notcve.org/view.php?id=CVE-2025-53743
09 Jul 2025 — Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3510 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53742
https://notcve.org/view.php?id=CVE-2025-53742
09 Jul 2025 — Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3510 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53678
https://notcve.org/view.php?id=CVE-2025-53678
09 Jul 2025 — Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3518 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53677
https://notcve.org/view.php?id=CVE-2025-53677
09 Jul 2025 — Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3522 • CWE-256: Plaintext Storage of a Password •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53676
https://notcve.org/view.php?id=CVE-2025-53676
09 Jul 2025 — Jenkins Xooa Plugin 0.0.7 and earlier stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3522 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53675
https://notcve.org/view.php?id=CVE-2025-53675
09 Jul 2025 — Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3516 • CWE-256: Plaintext Storage of a Password •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53674
https://notcve.org/view.php?id=CVE-2025-53674
09 Jul 2025 — Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3551 • CWE-256: Plaintext Storage of a Password •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53673
https://notcve.org/view.php?id=CVE-2025-53673
09 Jul 2025 — Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3551 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53672
https://notcve.org/view.php?id=CVE-2025-53672
09 Jul 2025 — Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3525 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53671
https://notcve.org/view.php?id=CVE-2025-53671
09 Jul 2025 — Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. • https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3526 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •