Exposure of AWS Secret Key in Jenkins Statistics Gatherer Plugin
CVE-2025-53655
5.3MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 9 July 2025
What is CVE-2025-53655?
The Jenkins Statistics Gatherer Plugin prior to version 2.0.4 fails to adequately mask the AWS Secret Key in its global configuration interface. This oversight may allow malicious actors to easily view and capture sensitive credentials, potentially leading to unauthorized access to AWS resources. It is crucial for users to update to the latest version to mitigate this risk and protect their cloud infrastructure.
Affected Version(s)
Jenkins Statistics Gatherer Plugin 0 <= 2.0.3