Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
References
Configurations
No configuration.
History
03 Apr 2025, 21:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-549 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
Summary |
|
02 Apr 2025, 15:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-04-02 15:16
Updated : 2025-04-03 21:15
NVD link : CVE-2025-31727
Mitre link : CVE-2025-31727
CVE.ORG link : CVE-2025-31727
JSON object : View
Products Affected
No product.
CWE
CWE-549
Missing Password Field Masking