Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00021}

epss

{'score': 0.00014}


Wed, 09 Jul 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-312
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Jul 2025 15:45:00 +0000

Type Values Removed Values Added
Description Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2025-07-09T15:39:55.473Z

Updated: 2025-07-09T17:42:04.961Z

Reserved: 2025-07-09T07:21:20.902Z

Link: CVE-2025-53742

cve-icon Vulnrichment

Updated: 2025-07-09T17:40:39.717Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-09T16:15:27.440

Modified: 2025-07-10T13:17:30.017

Link: CVE-2025-53742

cve-icon Redhat

No data.