Exposure of Sensitive Information in Jenkins Plugin
CVE-2025-53657
4.3MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 9 July 2025
What is CVE-2025-53657?
The Jenkins ReadyAPI Functional Testing Plugin versions 1.11 and earlier reveal sensitive information, such as SLM License Access Keys, client secrets, and passwords, on the job configuration form. This lack of proper masking increases the risk that unauthorized users might observe and capture these credentials, making it crucial for users to assess their security practices and upgrade to more secure versions of the plugin.
Affected Version(s)
Jenkins ReadyAPI Functional Testing Plugin 0 <= 1.11