Unencrypted Credential Storage in Jenkins ReadyAPI Plugin by CloudBees
CVE-2025-53656
6.5 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 9 July 2025
What is CVE-2025-53656?
The Jenkins ReadyAPI Functional Testing Plugin prior to version 1.11 contains a security vulnerability that compromises sensitive information. It stores SLM License Access Keys, client secrets, and passwords in an unencrypted format in the job config.xml files on the Jenkins controller. This information can be accessed by users with the Item/Extended Read permission or those who have access to the Jenkins controller's file system, potentially exposing critical credentials to unauthorized users.
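An added example, not taken from the advisory or the plugin's code: a controller-side audit that lists job config.xml fields which look like secrets and are not stored in Jenkins's encrypted `{...}` form. The tag-name patterns and the sample builder and field names are assumptions, since the page does not give the plugin's actual element names.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: sensitive fields are recognised by tag name, because the page
# does not list the plugin's actual config.xml element names.
SENSITIVE_TAG = re.compile(r"password|secret|accesskey", re.IGNORECASE)
# Jenkins writes hudson.util.Secret values as "{<base64 ciphertext>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def find_plaintext_secrets(jenkins_home):
    """Return sorted (job, tag) pairs for sensitive fields stored in the clear."""
    findings = []
    for cfg in Path(jenkins_home).glob("jobs/*/config.xml"):
        # Jenkins declares XML 1.1, which not every XML 1.0 parser accepts.
        text = XML_DECL.sub("", cfg.read_text(encoding="utf-8"), count=1)
        try:
            root = ET.fromstring(text)
        except ET.ParseError:
            findings.append((cfg.parent.name, "<unparseable>"))
            continue
        for elem in root.iter():
            value = (elem.text or "").strip()
            if SENSITIVE_TAG.search(elem.tag) and value and not ENCRYPTED.match(value):
                findings.append((cfg.parent.name, elem.tag))  # field name only, never the value
    return sorted(findings)


# Constructed sample: hypothetical builder and field names, fake values.
SAMPLE_JOBS = {
    "api-tests": "<projectPassword>hunter2</projectPassword>"
                 "<slmLicenseClientSecret>abc123</slmLicenseClientSecret>",
    "migrated": "<projectPassword>{AQAAABAAAAAQexampleciphertext=}</projectPassword>",
}


def demo():
    """Build a throwaway JENKINS_HOME from SAMPLE_JOBS and audit it."""
    with tempfile.TemporaryDirectory() as home:
        for job, fields in SAMPLE_JOBS.items():
            job_dir = Path(home, "jobs", job)
            job_dir.mkdir(parents=True)
            doc = ("<?xml version='1.1' encoding='UTF-8'?>\n<project><builders>"
                   f"<sampleBuilder>{fields}</sampleBuilder></builders></project>")
            (job_dir / "config.xml").write_text(doc, encoding="utf-8")
        return find_plaintext_secrets(home)
```

Run `find_plaintext_secrets` against the real `JENKINS_HOME` on the controller; any credential it flags should be rotated after the plugin is updated and the job configuration re-saved.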
Affected Version(s)
Jenkins ReadyAPI Functional Testing Plugin 0 <= 1.11