Unencrypted Password Storage in Jenkins Warrior Framework Plugin by CloudBees
CVE-2025-53675
6.5MEDIUM
What is CVE-2025-53675?
The Jenkins Warrior Framework Plugin, versions 1.2 and earlier, has a security vulnerability where it stores sensitive passwords in an unencrypted format within the job config.xml files on the Jenkins controller. This flaw allows users with Item/Extended Read permission or those who have filesystem access to the Jenkins controller to view these unprotected passwords, posing a significant security risk. It is strongly recommended to update the plugin to ensure secure password management practices.
Affected Version(s)
Jenkins Warrior Framework Plugin 0 <= 1.2