PT-2025-54708 — Cleartext Storage of Sensitive Information in Maven Org.Jenkins-Ci.Main:Jenkins-Core

PT-2025-54708 · Maven · Org.Jenkins-Ci.Main:Jenkins-Core

Published

2025-12-10

Updated

2025-12-10

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

GHSA-HXJG-2JVF-H3RX

Affected Products

Org.Jenkins-Ci.Main:Jenkins-Core

PT-2025-54708 · Maven · Org.Jenkins-Ci.Main:Jenkins-Core

Weakness Enumeration

Related Identifiers

Affected Products

References · 5