PT-2025-28931 · Cloudbees+2 · Jenkins+1
Said Abdesslem Messadi · Published 2025-07-09 · Updated 2025-07-10 · CVE-2025-53742
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier
Description:
The Jenkins Applitools Eyes Plugin stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller. Users with Item/Extended Read permission or access to the Jenkins controller file system can view these keys.
Recommendations:
For versions prior to 1.16.5, ensure that access to job config.xml files is restricted to authorized personnel only.
Fix
Weakness Enumeration:
Cleartext Storage of Sensitive Information
Affected Products:
Applitools Eyes Plugin
Jenkins
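
To find which jobs carry a cleartext key as described above, a controller-side audit can walk the job config.xml files and flag key fields that are not in Jenkins' encrypted `{<base64>}` Secret form. This is an added example, not code from the advisory or the plugin; the tag-name pattern, the wrapper class names and the sample values are assumptions, since the advisory does not name the field the plugin uses.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: the key lives in an element whose tag contains "apiKey"; the
# advisory does not name the plugin's actual field.
KEY_TAG = re.compile(r"api[-_]?key", re.IGNORECASE)
# Jenkins serializes encrypted Secret values as {<base64>}.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Strip the XML declaration so parsing does not depend on XML 1.1 support.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

# Constructed sample; wrapper class names and values are hypothetical.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<project><buildWrappers>
  <example.EyesWrapper>
    <applitoolsApiKey>EXAMPLEKEY1234567890</applitoolsApiKey>
  </example.EyesWrapper>
  <example.OtherWrapper>
    <apiKey>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQ=}</apiKey>
  </example.OtherWrapper>
</buildWrappers></project>"""


def find_cleartext_keys(config_xml):
    """Return (tag, redacted value) for each key field not stored encrypted."""
    root = ET.fromstring(XML_DECL.sub("", config_xml, count=1))
    findings = []
    for elem in root.iter():
        value = (elem.text or "").strip()
        if KEY_TAG.search(elem.tag) and value and not ENCRYPTED.match(value):
            findings.append((elem.tag, value[:4] + "*" * (len(value) - 4)))
    return findings


def scan_jenkins_home(jenkins_home):
    """Map each job config.xml under JENKINS_HOME/jobs to its findings."""
    results = {}
    for path in Path(jenkins_home, "jobs").rglob("config.xml"):
        try:
            hits = find_cleartext_keys(path.read_text(encoding="utf-8"))
        except (ET.ParseError, OSError, UnicodeDecodeError):
            continue  # unreadable or malformed file: skip, keep scanning
        if hits:
            results[str(path)] = hits
    return results
```

Findings are redacted to the first four characters so the audit output does not become a second cleartext copy of the keys.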