Unencrypted Password Storage in Jenkins Warrior Framework Plugin by CloudBees
CVE-2025-53675

6.5MEDIUM

Key Information:

Vendor

Jenkins

Vendor
CVE Published:
9 July 2025

What is CVE-2025-53675?

The Jenkins Warrior Framework Plugin, versions 1.2 and earlier, has a security vulnerability where it stores sensitive passwords in an unencrypted format within the job config.xml files on the Jenkins controller. This flaw allows users with Item/Extended Read permission or those who have filesystem access to the Jenkins controller to view these unprotected passwords, posing a significant security risk. It is strongly recommended to update the plugin to ensure secure password management practices.

Affected Version(s)

Jenkins Warrior Framework Plugin 0 <= 1.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-53675 : Unencrypted Password Storage in Jenkins Warrior Framework Plugin by CloudBees