Unencrypted Token Storage Vulnerability in Jenkins Apica Loadtest Plugin
CVE-2025-53664

6.5 MEDIUM

Key Information:

Vendor

Jenkins

CVE Published:
9 July 2025

What is CVE-2025-53664?

The Apica Loadtest Plugin for Jenkins stores authentication tokens unencrypted in job config.xml files on the Jenkins controller. Users with Item/Extended Read permission, or anyone with access to the Jenkins controller filesystem, can view these tokens, which can lead to unauthorized access to the resources the tokens protect.
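To check a controller for this class of exposure, the following added example (not code from Jenkins or the plugin) walks job config.xml files and reports credential-like elements whose value is not in the `{<base64>}` form that Jenkins' `hudson.util.Secret` writes for encrypted values. The element names in the sample and the name heuristic are assumptions; the plugin's real field names are not given on this page.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# hudson.util.Secret serialises encrypted values as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Heuristic for credential-like element names (an assumption of this example).
SENSITIVE = re.compile(r"token|secret|password|apikey", re.IGNORECASE)
# Jenkins writes an XML 1.1 declaration, which Python's expat parser rejects.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

# Constructed sample; element names are hypothetical, not the plugin's real schema.
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <example.LoadtestBuilder>
    <authToken>CONSTRUCTED-TOKEN-1234</authToken>
  </example.LoadtestBuilder>
  <example.OtherBuilder>
    <apiToken>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQ=}</apiToken>
  </example.OtherBuilder>
</project>"""


def find_plaintext_secrets(config_xml):
    """Return (element path, masked value) for credential-like leaf elements
    whose text is not in Jenkins' encrypted Secret form."""
    root = ET.fromstring(XML_DECL.sub("", config_xml, count=1))
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        text = (node.text or "").strip()
        if len(node) == 0 and text and SENSITIVE.search(node.tag) \
                and not ENCRYPTED.match(text):
            findings.append((here, text[:2] + "*" * (len(text) - 2)))
        for child in node:
            walk(child, here)

    walk(root, "")
    return findings


if __name__ == "__main__":
    # Usage: python audit.py "$JENKINS_HOME"
    for home in sys.argv[1:]:
        for cfg in Path(home, "jobs").rglob("config.xml"):
            for path, masked in find_plaintext_secrets(cfg.read_text(errors="replace")):
                print(f"{cfg}: {path} = {masked}")
```

Values are masked in the output so the audit report does not itself become a second copy of the tokens.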

Affected Version(s)

Jenkins Apica Loadtest Plugin: versions 0 through 1.10


CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
