CVE-2025-53662

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

Jenkins IFTTT Build Notifier Plugin versions 1.2 and earlier

Description:

The Jenkins IFTTT Build Notifier Plugin stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller. These keys can be viewed by users with Item/Extended Read permission or those with access to the Jenkins controller file system.

Recommendations:

Update to a version of the Jenkins IFTTT Build Notifier Plugin later than 1.2.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-256

Related Identifiers

BDU:2025-08315

CVE-2025-53662

GHSA-JXWJ-QCCF-4896

Affected Products

Jenkins

Jenkins Ifttt Build Notifier Plugin

CVE-2025-53662

Name of the Vulnerable Software and Affected Versions:

Description:

Recommendations:

Weakness Enumeration

Related Identifiers

Affected Products

References · 11