PT-2025-28922 · Jenkins · Jenkins Nouvola Divecloud Plugin+1
Romuald Moisan
·
Published
2025-07-09
·
Updated
2025-07-10
·
CVE-2025-53670
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Jenkins Nouvola DiveCloud Plugin versions prior to 1.09
Description:
The Jenkins Nouvola DiveCloud Plugin stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in
config.xml files on the Jenkins controller. Users with Item/Extended Read permission or access to the Jenkins controller file system can view these keys.Recommendations:
Upgrade to Jenkins Nouvola DiveCloud Plugin version 1.09 or later.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Nouvola Divecloud Plugin