CVE-2025-53660

Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:qmetry_test_management:*:*:*:*:*:jenkins:*:*

History

18 Jul 2025, 17:38

Type Values Removed Values Added
CPE cpe:2.3:a:jenkins:qmetry_test_management:*:*:*:*:*:jenkins:*:*
References () https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3532 - () https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3532 - Vendor Advisory
First Time Jenkins qmetry Test Management
Jenkins

10 Jul 2025, 13:17

Type Values Removed Values Added
Summary
  • (es) Jenkins QMetry Test Management Plugin 1.13 y versiones anteriores no enmascara las claves de API de automatización de Qmetry que se muestran en el formulario de configuración del trabajo, lo que aumenta la posibilidad de que los atacantes las observen y capturen.

09 Jul 2025, 20:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
CWE CWE-522
CWE-256

09 Jul 2025, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-09 16:15

Updated : 2025-07-18 17:38


NVD link : CVE-2025-53660

Mitre link : CVE-2025-53660

CVE.ORG link : CVE-2025-53660


JSON object : View

Products Affected

jenkins

  • qmetry_test_management
CWE
CWE-256

Unprotected Storage of Credentials

CWE-522

Insufficiently Protected Credentials