Jenkins VAddy Plugin API Key Exposure Vulnerability
CVE-2025-53668
6.5 MEDIUM
What is CVE-2025-53668?
The Jenkins VAddy Plugin (version 1.2.8 and earlier) stores API authentication keys unencrypted in job config.xml files on the Jenkins controller. Users with Item/Extended Read permission, or with access to the Jenkins controller's file system, can potentially view these keys, which could lead to unauthorized access to and manipulation of linked services. Users and administrators should assess their Jenkins installation and consider implementing measures to secure their jobs and associated configurations.
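One way to assess an installation for this issue, as an added example that is not part of the original advisory or the plugin's own code: it walks the job config.xml files under a Jenkins home and reports credential-like VAddy fields whose value is not in the `{base64}` form Jenkins uses for encrypted secrets. The element name `hypothetical.vaddy.Builder`, the field name `apiKey` and the two matching hints are assumptions, and the sample files are constructed.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# hudson.util.Secret serialises encrypted values as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumptions: the plugin's element name contains "vaddy" and its credential
# field name contains "key" or "token"; adjust after inspecting a real config.xml.
PLUGIN_HINT = "vaddy"
FIELD_HINT = re.compile(r"key|token", re.I)

def plaintext_fields(config_path):
    """Return sorted names of credential-like plugin fields stored unencrypted."""
    text = Path(config_path).read_text(encoding="utf-8-sig", errors="replace")
    try:  # Jenkins writes XML 1.1; Python's expat only accepts 1.0, so drop the declaration
        root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", text, count=1))
    except ET.ParseError:
        return []  # unparseable file: nothing to report
    hits = set()
    for elem in (e for e in root.iter() if PLUGIN_HINT in e.tag.lower()):
        for field in elem.iter():
            value = (field.text or "").strip()
            if FIELD_HINT.search(field.tag) and value and not ENCRYPTED.match(value):
                hits.add(field.tag)  # report the field name only, never the value
    return sorted(hits)

def audit_home(jenkins_home):
    """Map each job's config.xml (path relative to the home) to its plaintext fields."""
    home, report = Path(jenkins_home), {}
    for cfg in sorted(home.glob("jobs/**/config.xml")):
        if fields := plaintext_fields(cfg):
            report[cfg.relative_to(home).as_posix()] = fields
    return report

def build_sample_home(root):
    """Constructed sample: job-a holds a plaintext key, job-b an encrypted-format one."""
    tpl = ("<?xml version='1.1' encoding='UTF-8'?>\n<project><hypothetical.vaddy.Builder>"
           "<apiKey>{}</apiKey></hypothetical.vaddy.Builder></project>")
    samples = {"job-a": "CONSTRUCTED-PLAINTEXT", "job-b": "{AQAAABAAAAAQY29uc3RydWN0ZWQ=}"}
    for job, value in samples.items():
        path = Path(root, "jobs", job, "config.xml")
        path.parent.mkdir(parents=True)
        path.write_text(tpl.format(value), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_home(tmp)
        print(audit_home(tmp))
```

Any key the audit reports should be treated as exposed to everyone with Item/Extended Read permission or controller file-system access, and rotated at the linked service.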
Affected Version(s)
Jenkins VAddy Plugin 0 <= 1.2.8