Unencrypted Authentication Token Exposure in Jenkins IBM Cloud DevOps Plugin
CVE-2025-53663

6.5MEDIUM

Key Information:

Vendor

Jenkins

Vendor
CVE Published:
9 July 2025

What is CVE-2025-53663?

The Jenkins IBM Cloud DevOps Plugin versions 2.0.16 and earlier store SonarQube authentication tokens in an unencrypted format within the job config.xml files on the Jenkins controller. This vulnerability allows users with Item/Extended Read permission or access to the Jenkins controller file system to potentially view these sensitive tokens, compromising the security and integrity of the system.

Affected Version(s)

Jenkins IBM Cloud DevOps Plugin 0 <= 2.0.16

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-53663 : Unencrypted Authentication Token Exposure in Jenkins IBM Cloud DevOps Plugin