Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
History

Wed, 09 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-256
CWE-522
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Jul 2025 15:45:00 +0000

Type Values Removed Values Added
Description Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2025-07-09T15:39:32.515Z

Updated: 2025-07-09T19:14:51.404Z

Reserved: 2025-07-08T07:51:59.762Z

Link: CVE-2025-53660

cve-icon Vulnrichment

Updated: 2025-07-09T18:49:42.152Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-09T16:15:25.433

Modified: 2025-07-10T13:17:30.017

Link: CVE-2025-53660

cve-icon Redhat

No data.