CVE-2025-53653

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Jenkins Aqua Security Scanner Plugin versions 3.2.8 and earlier

Description: The Jenkins Aqua Security Scanner Plugin stores Scanner Tokens for the Aqua API unencrypted in job config.xml files on the Jenkins controller. These tokens are accessible to users with Item/Extended Read permission or those with access to the Jenkins controller file system.

Recommendations: Versions prior to 3.2.8: Ensure access to job config.xml files on the Jenkins controller is restricted to authorized personnel only. Limit Item/Extended Read permissions to only those users who require them. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Encryption of Sensitive Data

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311CWE-522

Related Identifiers

BDU:2025-08308

CVE-2025-53653

GHSA-3WGG-3J4J-3F69

Affected Products

Jenkins

Jenkins Aqua Security Scanner Plugin

CVE-2025-53653

Weakness Enumeration

Related Identifiers

Affected Products

References · 12