CVE-2025-53672

Name of the Vulnerable Software and Affected Versions: Jenkins Kryptowire Plugin versions 0.2 and earlier

Description: The Jenkins Kryptowire Plugin stores the Kryptowire API key unencrypted in its global configuration file org.aerogear.kryptowire.GlobalConfigurationImpl.xml on the Jenkins controller. This allows users with access to the Jenkins controller file system to view the API key.

Recommendations: Versions prior to 0.3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.