PT-2025-14515 · Unknown+1 · Jenkins Monitor-Remote-Job Plugin+1
Zaoui Zakariae · Published 2025-04-02 · Updated 2025-04-17 · CVE-2025-31725
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Jenkins monitor-remote-job Plugin version 1.0
Description
Jenkins monitor-remote-job Plugin stores passwords unencrypted in job config.xml files on the Jenkins controller. These passwords can be viewed by users with Extended Read permission or by anyone with access to the Jenkins controller file system.
Recommendations
For Jenkins monitor-remote-job Plugin version 1.0, consider restricting access to the Jenkins controller file system and limiting Extended Read permissions to minimize the risk of password exposure. As a temporary workaround, avoid storing sensitive passwords in job config.xml files until a secure storage method is implemented.
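To find which jobs are affected before tightening permissions, the following audit script (an added example, not code from the advisory or the plugin) walks job config.xml files and reports password-like fields whose value is not in Jenkins' encrypted `{base64}` Secret form. The tag-name pattern and the sample XML are assumptions, since the advisory does not name the plugin's fields.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: secret-bearing elements have a tag matching this pattern; the
# advisory does not name the plugin's actual config.xml fields.
SENSITIVE = re.compile(r"pass(word|wd|phrase)|secret|token", re.I)
# Jenkins' Secret type serializes encrypted values as "{<base64>}".
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/]+={0,2}\}$")
# Jenkins writes an XML 1.1 declaration, which Python's expat parser rejects.
XML11 = re.compile(r"^\s*<\?xml version=['\"]1\.1['\"]")

# Constructed sample; element names and values are hypothetical.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<project><builders><hypothetical.RemoteJobStep>
  <username>ci-bot</username>
  <password>hunter2-example</password>
  <apiToken>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQ=}</apiToken>
</hypothetical.RemoteJobStep></builders></project>"""


def find_cleartext(xml_text):
    """Return tags of sensitive elements whose value is not Secret-encrypted."""
    root = ET.fromstring(XML11.sub("<?xml version='1.0'", xml_text, count=1))
    hits = []
    for elem in root.iter():
        text = (elem.text or "").strip()
        if text and SENSITIVE.search(elem.tag) and not ENCRYPTED.match(text):
            hits.append(elem.tag)  # report the field name, never the value
    return hits


def scan_jobs(jenkins_home):
    """Map each job config.xml under jenkins_home to its cleartext fields."""
    report = {}
    for cfg in Path(jenkins_home).glob("jobs/**/config.xml"):
        try:
            hits = find_cleartext(cfg.read_text(encoding="utf-8", errors="replace"))
        except ET.ParseError:
            continue  # malformed file: skip rather than abort the audit
        if hits:
            report[str(cfg)] = hits
    return report


if __name__ == "__main__":
    print(find_cleartext(SAMPLE) if len(sys.argv) < 2 else scan_jobs(sys.argv[1]))
```

Run it with the Jenkins home directory as the only argument; any password it flags should be treated as exposed and rotated.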
Fix
Improper Access Control
Cleartext Storage of Sensitive Information
Related Identifiers
Affected Products
Jenkins
Jenkins Monitor-Remote-Job Plugin