Unencrypted API Key Storage in Jenkins Applitools Eyes Plugin by Jenkins
CVE-2025-53742

6.5MEDIUM

Key Information:

Vendor

Jenkins

Vendor
CVE Published:
9 July 2025

What is CVE-2025-53742?

The Applitools Eyes Plugin for Jenkins versions up to 1.16.5 is susceptible to a vulnerability where Applitools API keys are stored unencrypted in job config.xml files on the Jenkins controller. This allows users with Item/Extended Read permission or those with access to the Jenkins controller file system to view sensitive API keys, posing a significant risk to the integrity of user data and access control.

Affected Version(s)

Jenkins Applitools Eyes Plugin 0 <= 1.16.5

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-53742 : Unencrypted API Key Storage in Jenkins Applitools Eyes Plugin by Jenkins