Unencrypted Token Storage in Jenkins Sensedia API Platform Tools Plugin
CVE-2025-53673
6.5MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 9 July 2025
What is CVE-2025-53673?
The Jenkins Sensedia API Platform tools Plugin version 1.0 is susceptible to vulnerabilities due to its practice of storing the Sensedia API Manager integration token in an unencrypted format within its global configuration file on the Jenkins controller. This insecure storage method exposes sensitive data, allowing unauthorized users with access to the file system of the Jenkins controller to potentially view these integration tokens. Proper measures should be taken to secure sensitive information against unauthorized access.
Affected Version(s)
Jenkins Sensedia Api Platform tools Plugin 1.0