PT-2025-28931 · Cloudbees+2 · Jenkins+1

Said Abdesslem Messadi

Published: 2025-07-09

Updated: 2025-07-10

CVE-2025-53742

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier
Description: The Jenkins Applitools Eyes Plugin stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller. Users with Item/Extended Read permission or access to the Jenkins controller file system can view these keys.
Recommendations: For versions prior to 1.16.5, ensure that access to job config.xml files is restricted to authorized personnel only.

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related identifiers

BDU:2025-08323
CVE-2025-53742
GHSA-Q92V-3F4W-5XG8

Affected products

Applitools Eyes Plugin
Jenkins