Exposure of Sensitive Information in Jenkins Plugin
CVE-2025-53657

4.3MEDIUM

What is CVE-2025-53657?

The Jenkins ReadyAPI Functional Testing Plugin versions 1.11 and earlier reveal sensitive information, such as SLM License Access Keys, client secrets, and passwords, on the job configuration form. This lack of proper masking increases the risk that unauthorized users might observe and capture these credentials, making it crucial for users to assess their security practices and upgrade to more secure versions of the plugin.

Affected Version(s)

Jenkins ReadyAPI Functional Testing Plugin 0 <= 1.11

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-53657 : Exposure of Sensitive Information in Jenkins Plugin