Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
References
Link | Resource |
---|---|
https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3532 | Vendor Advisory |
Configurations
History
18 Jul 2025, 17:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:jenkins:qmetry_test_management:*:*:*:*:*:jenkins:*:* | |
References | () https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3532 - Vendor Advisory | |
First Time |
Jenkins qmetry Test Management
Jenkins |
10 Jul 2025, 13:17
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Jul 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CWE | CWE-522 CWE-256 |
09 Jul 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-07-09 16:15
Updated : 2025-07-18 17:38
NVD link : CVE-2025-53660
Mitre link : CVE-2025-53660
CVE.ORG link : CVE-2025-53660
JSON object : View
Products Affected
jenkins
- qmetry_test_management