CVE-2025-53656

Medium CVSS: 6.5

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Vendor

Jenkins

Product

Readyapi Functional Testing

CWE

CWE-256

Yayın Tarihi

2025-07-09 16:15:25

Güncelleme

2025-11-04 22:16:22

Source Identifier

jenkinsci-cert@googlegroups.com

KEV Date Added

Kategoriler

CWE-256 Readyapi Functional Testing MEDIUM Jenkins 2025

Referanslar

https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3556 http://www.openwall.com/lists/oss-security/2025/07/09/4

Benzer Kayıtlar

High

CVE-2026-33001

Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar a…

High

CVE-2026-33002

Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validatio…

Medium

CVE-2026-33003

Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins co…

Medium

CVE-2026-33004

Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, incre…

High

CVE-2026-27099

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-prov…

Medium

CVE-2026-27100

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting…