PT-2025-14514 · Jenkins · Jenkins Cadence Vmanager Plugin+1
Romuald Moisan
+1
·
Published
2025-04-02
·
Updated
2025-04-17
·
CVE-2025-31724
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Cadence vManager Plugin versions 4.0.0-282.v5096a c2db 275 and earlier
Description
The issue concerns the storage of Verisium Manager vAPI keys in an unencrypted form within job config.xml files on the Jenkins controller. These keys can be accessed by users who have Extended Read permission or direct access to the Jenkins controller file system.
Recommendations
For versions 4.0.0-282.v5096a c2db 275 and earlier, consider restricting access to the Jenkins controller file system and limiting Extended Read permissions to minimize exposure of the unencrypted vAPI keys until a fix is available.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jenkins
Jenkins Cadence Vmanager Plugin