Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Metrics
Affected Vendors & Products
References
History
Tue, 15 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Wed, 09 Jul 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-312 | |
Metrics |
cvssV3_1
|
Wed, 09 Jul 2025 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |
References |
|

Status: PUBLISHED
Assigner: jenkins
Published: 2025-07-09T15:39:55.473Z
Updated: 2025-07-09T17:42:04.961Z
Reserved: 2025-07-09T07:21:20.902Z
Link: CVE-2025-53742

Updated: 2025-07-09T17:40:39.717Z

Status : Awaiting Analysis
Published: 2025-07-09T16:15:27.440
Modified: 2025-07-10T13:17:30.017
Link: CVE-2025-53742

No data.