CVE-2025-53671

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Jenkins Nouvola DiveCloud Plugin versions 1.08 and earlier

Description: The Jenkins Nouvola DiveCloud Plugin does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, potentially allowing attackers to observe and capture them.

Recommendations: For versions prior to 1.08, ensure that DiveCloud API Keys and Credentials Encryption Keys are not exposed on the job configuration form.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-256

Related Identifiers

BDU:2025-08569

CVE-2025-53671

GHSA-4V4V-92CX-X4F4

Affected Products

Jenkins

Jenkins Nouvola Divecloud Plugin

CVE-2025-53671

Weakness Enumeration

Related Identifiers

Affected Products

References · 9