Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00021}

epss

{'score': 0.00014}


Wed, 09 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-312
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Jul 2025 15:45:00 +0000

Type Values Removed Values Added
Description Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2025-07-09T15:39:39.579Z

Updated: 2025-07-09T19:13:29.205Z

Reserved: 2025-07-08T07:51:59.764Z

Link: CVE-2025-53672

cve-icon Vulnrichment

Updated: 2025-07-09T18:48:09.703Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-09T16:15:26.713

Modified: 2025-07-10T13:17:30.017

Link: CVE-2025-53672

cve-icon Redhat

No data.