Unencrypted Token Storage in Jenkins Dead Man's Snitch Plugin by Jenkins
CVE-2025-53666

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Dead Man's Snitch Plugin
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-53666?

The Dead Man's Snitch Plugin for Jenkins has a vulnerability where sensitive tokens are stored unencrypted in the job config.xml files on the Jenkins controller. This exposure can allow users with Item/Extended Read permissions or access to the Jenkins controller's file system to view these tokens, potentially leading to unauthorized access and compromise of sensitive data.

Affected Version(s)

Jenkins Dead Man's Snitch Plugin 0.1

References

https://www.jenkins.io/security/advisory/2025-07-09/#SECU...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Jul 8, 2025