Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it.
History

Wed, 09 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-256
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Jul 2025 15:45:00 +0000

Type Values Removed Values Added
Description Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2025-07-09T15:39:29.610Z

Updated: 2025-07-09T19:15:24.586Z

Reserved: 2025-07-08T07:51:59.762Z

Link: CVE-2025-53655

cve-icon Vulnrichment

Updated: 2025-07-09T18:50:33.539Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-09T16:15:24.937

Modified: 2025-07-10T13:17:30.017

Link: CVE-2025-53655

cve-icon Redhat

No data.