Unencrypted Password Storage in Jenkins Monitor-Remote-Job Plugin by Jenkins
CVE-2025-31725
5.5 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 2 April 2025
Summary
The Jenkins monitor-remote-job Plugin version 1.0 stores user passwords unencrypted in job config.xml files on the Jenkins controller. Users with Extended Read permission, or anyone with access to the Jenkins controller's file system, can view these credentials, which can lead to unauthorized access and misuse.
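To check a controller for the condition described above, the following added example (not code from the Jenkins project or the plugin) scans job config.xml files for password-like elements whose value is not in Jenkins' brace-wrapped encrypted form. The tag-name pattern, the `example.RemoteJobBuilder` element and the sample values are assumptions constructed for illustration, since the page does not give the plugin's field names.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: the plugin's element names are not on the page, so any tag
# containing "password"/"passwd" is treated as a credential field.
PASSWORD_TAG = re.compile(r"passw(or)?d", re.IGNORECASE)
# Jenkins serialises encrypted hudson.util.Secret values as {base64}.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Jenkins writes an XML 1.1 declaration that Python's expat parser rejects.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

# Constructed sample: one plaintext field, one encrypted-looking field.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <builders>
    <example.RemoteJobBuilder>
      <username>ci-bot</username>
      <password>constructed-not-a-real-secret</password>
      <apiPassword>{AQAAABAAAAAQc2FtcGxlLW9ubHk=}</apiPassword>
    </example.RemoteJobBuilder>
  </builders>
</project>"""

def plaintext_fields(xml_text):
    """Return (tag, value_length) for password-like elements stored unencrypted."""
    root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    findings = []
    for elem in root.iter():
        value = (elem.text or "").strip()
        if value and PASSWORD_TAG.search(elem.tag) and not ENCRYPTED.match(value):
            findings.append((elem.tag, len(value)))  # report length, never the value
    return findings

def scan_jenkins_home(home):
    """Map each job config.xml under <home>/jobs (folders included) to its findings."""
    report = {}
    for cfg in sorted(Path(home).glob("jobs/**/config.xml")):
        try:
            hits = plaintext_fields(cfg.read_text(encoding="utf-8"))
        except (ET.ParseError, OSError, UnicodeDecodeError) as exc:
            hits = [("unreadable:" + type(exc).__name__, 0)]
        if hits:
            report[str(cfg)] = hits
    return report

if __name__ == "__main__":
    for path, hits in scan_jenkins_home(sys.argv[1] if sys.argv[1:] else ".").items():
        print(path, hits)
```

Run it with the Jenkins home directory as the only argument; any job it lists should have the exposed password rotated.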
Affected Version(s)
Jenkins monitor-remote-job Plugin 1.0
CVSS V3.1
- Score: 5.5
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved