Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Jenkins |
|
No data.
References
History
Fri, 18 Jul 2025 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jenkins
Jenkins aqua Security Scanner |
|
| CPEs | cpe:2.3:a:jenkins:aqua_security_scanner:*:*:*:*:*:jenkins:*:* | |
| Vendors & Products |
Jenkins
Jenkins aqua Security Scanner |
Tue, 15 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Wed, 09 Jul 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-311 | |
| Metrics |
cvssV3_1
|
Wed, 09 Jul 2025 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2025-07-09T15:39:28.429Z
Updated: 2025-07-09T19:15:36.546Z
Reserved: 2025-07-08T07:51:59.762Z
Link: CVE-2025-53653
Vulnrichment
Updated: 2025-07-09T18:50:49.718Z
NVD
Status : Analyzed
Published: 2025-07-09T16:15:24.733
Modified: 2025-07-18T17:45:40.817
Link: CVE-2025-53653
Redhat
No data.