Unencrypted Token Storage Vulnerability in Jenkins Apica Loadtest Plugin
CVE-2025-53664
6.5 MEDIUM
What is CVE-2025-53664?
The Apica Loadtest Plugin for Jenkins stores authentication tokens unencrypted in job config.xml files. Users with Item/Extended Read permission, or anyone with access to the Jenkins controller file system, can view these tokens, which can lead to unauthorized access to secured resources.
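The following audit sketch is an added example, not code from this advisory or from the plugin: it walks a Jenkins home for job config.xml files and reports token-like elements whose value is not in Jenkins' encrypted `{base64}` Secret form. The `authToken` element name, the "tag contains token" heuristic and the sample files are assumptions constructed for illustration; the plugin's actual element names are not given on this page.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Jenkins writes encrypted Secret values as "{<base64>}"; other text is plaintext.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
TOKEN_TAG = re.compile(r"token", re.IGNORECASE)  # assumption: tag name contains "token"
# Jenkins declares XML 1.1, which Python's expat-based parser rejects.
XML11_DECL = re.compile(rb"^(<\?xml\s+version=['\"])1\.1")


def find_plaintext_tokens(jenkins_home):
    """Return (relative config path, tag) per token-like element stored in plaintext.
    Values are deliberately not returned so the report itself leaks nothing."""
    findings = []
    for cfg in sorted(Path(jenkins_home).glob("jobs/**/config.xml")):
        data = XML11_DECL.sub(rb"\g<1>1.0", cfg.read_bytes(), count=1)
        try:
            root = ET.fromstring(data)
        except ET.ParseError:
            continue  # skip malformed configs instead of aborting the audit
        for elem in root.iter():
            value = (elem.text or "").strip()
            if TOKEN_TAG.search(elem.tag) and value and not ENCRYPTED.match(value):
                findings.append((cfg.relative_to(jenkins_home).as_posix(), elem.tag))
    return findings


def build_sample_home(base):
    """Constructed sample data: two jobs using a hypothetical <authToken> element."""
    samples = {"plain": "constructed-plaintext-token",
               "sealed": "{AQAAABAAAAAQY29uc3RydWN0ZWQ=}"}
    for job, value in samples.items():
        job_dir = Path(base, "jobs", job)
        job_dir.mkdir(parents=True)
        (job_dir / "config.xml").write_bytes((
            "<?xml version='1.1' encoding='UTF-8'?>\n"
            "<project><publishers><hypothetical.Plugin>"
            f"<authToken>{value}</authToken>"
            "</hypothetical.Plugin></publishers></project>\n").encode("utf-8"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        build_sample_home(home)
        for path, tag in find_plaintext_tokens(home):
            print(f"plaintext token-like value in {path} <{tag}>")
```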
Affected Version(s)
Jenkins Apica Loadtest Plugin 0 <= 1.10