PT-2025-28908 · Jenkins · Jenkins ReadyAPI Functional Testing Plugin

Romuald Moisan · Published 2025-07-09 · Updated 2025-07-18 · CVE-2025-53656

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins ReadyAPI Functional Testing Plugin versions 1.11 and earlier
Description: The Jenkins ReadyAPI Functional Testing Plugin stores sensitive information, including SLM License Access Keys, client secrets, and passwords, unencrypted in job config.xml files on the Jenkins controller. Any user with Item/Extended Read permission, or anyone with file system access to the controller, can therefore read these credentials.
Recommendations: Versions prior to 1.11: Ensure that access to the Jenkins controller file system is restricted to authorized personnel only. Limit Item/Extended Read permissions to only those users who require access to job configurations.
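As an added check that is not part of this advisory or of the plugin itself, the following script walks a job config.xml and flags credential-looking elements whose value is not in the encrypted form Jenkins uses for hudson.util.Secret values (a base64 string wrapped in braces). The element names in the constructed sample (slmLicenseAccessKey, clientSecret, proxyPassword) and the tag-name heuristics are assumptions; the advisory does not name the plugin's actual fields. It is meant for an administrator auditing job configurations on the controller before and after upgrading.

```python
import re
from pathlib import Path
import xml.etree.ElementTree as ET

# Tag-name fragments that suggest a stored credential. Heuristic only:
# the advisory does not list the plugin's element names (assumption).
SENSITIVE_TAG_RE = re.compile(
    r"(password|secret|accesskey|licensekey|apikey|token)", re.IGNORECASE
)

# Jenkins serialises hudson.util.Secret as "{<base64>}". A value in that
# shape is treated as encrypted; any other non-empty value as plaintext.
ENCRYPTED_RE = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")


def find_plaintext_secrets(config_xml: str):
    """Return (element path, tag) for every credential-looking element in
    config_xml whose text is present and not in Jenkins' encrypted form."""
    root = ET.fromstring(config_xml)
    findings = []

    def walk(elem, stack):
        stack = stack + [elem.tag]
        text = (elem.text or "").strip()
        if SENSITIVE_TAG_RE.search(elem.tag) and text and not ENCRYPTED_RE.match(text):
            findings.append(("/".join(stack), elem.tag))
        for child in elem:
            walk(child, stack)

    walk(root, [])
    return findings


def scan_jobs_dir(jenkins_home):
    """Scan every jobs/*/config.xml under JENKINS_HOME; returns
    {config path: findings} for configs with at least one plaintext secret."""
    results = {}
    for cfg in Path(jenkins_home).glob("jobs/*/config.xml"):
        hits = find_plaintext_secrets(cfg.read_text(encoding="utf-8"))
        if hits:
            results[str(cfg)] = hits
    return results


# Constructed sample config.xml: two plaintext credentials and one value
# already stored in Jenkins' encrypted Secret form. Element names are invented.
SAMPLE_CONFIG_XML = """<project>
  <builders>
    <hypothetical.ReadyApiBuilder>
      <slmLicenseAccessKey>EXAMPLE-PLAINTEXT-LICENSE-KEY</slmLicenseAccessKey>
      <clientSecret>example-secret-in-the-clear</clientSecret>
      <proxyPassword>{AQAAABAAAAAQ8GhF3c5g9ZzJ9yE2n8dZ8==}</proxyPassword>
    </hypothetical.ReadyApiBuilder>
  </builders>
</project>"""


if __name__ == "__main__":
    for path, tag in find_plaintext_secrets(SAMPLE_CONFIG_XML):
        print(f"plaintext credential in <{tag}> at {path}")
```

Run it against a real controller with `scan_jobs_dir("/var/lib/jenkins")` (path assumed); only the element path is reported, never the secret value, so the output can be shared with the team that rotates the affected keys after the upgrade.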

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

BDU:2025-08322
CVE-2025-53656
GHSA-884F-P57J-F258

Affected Products

Jenkins
Jenkins Readyapi Functional Testing Plugin