Exposure of JWT Tokens in Jenkins User1st uTester Plugin by CloudBees
CVE-2025-53678
6.5MEDIUM
What is CVE-2025-53678?
The Jenkins User1st uTester Plugin, specifically in versions 1.1 and earlier, is susceptible to a security issue where the uTester JWT token is stored unencrypted in the global configuration file on the Jenkins controller. This exposure allows any user with access to the file system of the Jenkins controller to view the sensitive JWT tokens, which could lead to unauthorized access and potential exploitation of user credentials. Organizations utilizing this plugin should take immediate action to mitigate risks and secure their Jenkins environment.
Affected Version(s)
Jenkins User1st uTester Plugin 0 <= 1.1