Insecure Storage of API Keys in Jenkins Nouvola DiveCloud Plugin
CVE-2025-53670
6.5MEDIUM
What is CVE-2025-53670?
The Jenkins Nouvola DiveCloud Plugin prior to version 1.09 stores sensitive API keys and encryption credentials in plain text within job config.xml files. This vulnerability allows anyone with Item/Extended Read permissions, or access to the Jenkins controller file system, to view these unencrypted credentials, posing a significant security risk.
Affected Version(s)
Jenkins Nouvola DiveCloud Plugin 0 <= 1.08