CVE-2025-53661

Name of the Vulnerable Software and Affected Versions: Jenkins Testsigma Test Plan run Plugin versions 1.6 and earlier

Description: The Jenkins Testsigma Test Plan run Plugin does not mask Testsigma API keys displayed on the job configuration form. This increases the potential for attackers to observe and capture these keys. The plugin stores these API keys in job config.xml files on the Jenkins controller, encrypted on disk, but they are not masked in the job configuration form in versions 1.6 and earlier.

Recommendations: Versions prior to 1.6 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.