Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
Metrics
Affected Vendors & Products
References
History
Tue, 15 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Wed, 09 Jul 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-312 | |
Metrics |
cvssV3_1
|
Wed, 09 Jul 2025 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system. | |
References |
|

Status: PUBLISHED
Assigner: jenkins
Published: 2025-07-09T15:39:39.579Z
Updated: 2025-07-09T19:13:29.205Z
Reserved: 2025-07-08T07:51:59.764Z
Link: CVE-2025-53672

Updated: 2025-07-09T18:48:09.703Z

Status : Awaiting Analysis
Published: 2025-07-09T16:15:26.713
Modified: 2025-07-10T13:17:30.017
Link: CVE-2025-53672

No data.