Unencrypted Token Storage in Jenkins Sensedia API Platform Tools Plugin
CVE-2025-53673

6.5MEDIUM

What is CVE-2025-53673?

The Jenkins Sensedia API Platform tools Plugin version 1.0 is susceptible to vulnerabilities due to its practice of storing the Sensedia API Manager integration token in an unencrypted format within its global configuration file on the Jenkins controller. This insecure storage method exposes sensitive data, allowing unauthorized users with access to the file system of the Jenkins controller to potentially view these integration tokens. Proper measures should be taken to secure sensitive information against unauthorized access.

Affected Version(s)

Jenkins Sensedia Api Platform tools Plugin 1.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-53673 : Unencrypted Token Storage in Jenkins Sensedia API Platform Tools Plugin