Unencrypted Token Storage in Jenkins Sensedia API Platform Tools Plugin
CVE-2025-53673

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Sensedia Api Platform Tools Plugin
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-53673?

The Jenkins Sensedia API Platform tools Plugin version 1.0 is susceptible to vulnerabilities due to its practice of storing the Sensedia API Manager integration token in an unencrypted format within its global configuration file on the Jenkins controller. This insecure storage method exposes sensitive data, allowing unauthorized users with access to the file system of the Jenkins controller to potentially view these integration tokens. Proper measures should be taken to secure sensitive information against unauthorized access.

Affected Version(s)

Jenkins Sensedia Api Platform tools Plugin 1.0

References

https://www.jenkins.io/security/advisory/2025-07-09/#SECU...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Jul 8, 2025