Unencrypted API Key Storage in Jenkins Applitools Eyes Plugin by Jenkins
CVE-2025-53742
6.5MEDIUM
What is CVE-2025-53742?
The Applitools Eyes Plugin for Jenkins versions up to 1.16.5 is susceptible to a vulnerability where Applitools API keys are stored unencrypted in job config.xml files on the Jenkins controller. This allows users with Item/Extended Read permission or those with access to the Jenkins controller file system to view sensitive API keys, posing a significant risk to the integrity of user data and access control.
Affected Version(s)
Jenkins Applitools Eyes Plugin 0 <= 1.16.5