PT-2025-28927 · Jenkins · Jenkins Warrior Framework Plugin+1
Romuald Moisan
·
Published
2025-07-09
·
Updated
2025-07-10
·
CVE-2025-53675
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Jenkins Warrior Framework Plugin versions 1.2 and earlier
Description:
The Jenkins Warrior Framework Plugin stores passwords unencrypted in job config.xml files on the Jenkins controller. This allows users with Item/Extended Read permission or access to the Jenkins controller file system to view the passwords.
Recommendations:
Update to a newer version of the Jenkins Warrior Framework Plugin.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Warrior Framework Plugin