PT-2025-28928 · Jenkins · Jenkins Xooa Plugin

Romuald Moisan · Published 2025-07-09 · Updated 2025-07-10 · CVE-2025-53676

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Xooa Plugin versions 0.0.7 and earlier
Description: The Jenkins Xooa Plugin stores the Xooa Deployment Token unencrypted in its global configuration file on the Jenkins controller. This allows users with access to the Jenkins controller file system to view the token.
Recommendations: Update to a newer version of the Jenkins Xooa Plugin.

Fix

Weakness Enumeration: Missing Encryption of Sensitive Data

Related Identifiers

BDU:2025-08571
CVE-2025-53676
GHSA-56H7-R62C-83QP

Affected Products

Jenkins
Jenkins Xooa Plugin