PT-2025-28912 · Jenkins · Jenkins Qmetry Test Management Plugin

Said Abdesslem Messadi · Published 2025-07-09 · Updated 2025-07-10 · CVE-2025-53660

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins QMetry Test Management Plugin versions 1.13 and earlier
Description: The Jenkins QMetry Test Management Plugin does not properly protect Qmetry Automation API Keys. These keys are stored unencrypted in job config.xml files on the Jenkins controller and are visible to users with Item/Extended Read permission or file system access. The job configuration form also displays these API keys without masking, potentially allowing attackers to observe and capture them.
Recommendations: Versions prior to 1.13: at the moment there is no information about a newer version containing a fix for this vulnerability.

Weakness Enumeration

Insufficiently Protected Credentials

Related identifiers

BDU:2025-08314
CVE-2025-53660
GHSA-962Q-84V8-HXHJ

Affected products

Jenkins
Jenkins Qmetry Test Management Plugin