CVE-2025-53667

Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:dead_man\'s_snitch:0.1:*:*:*:*:jenkins:*:*

History

18 Jul 2025, 18:43

Type Values Removed Values Added
Summary
  • (es) Jenkins Dead Man's Snitch Plugin 0.1 no enmascara los tokens Dead Man's Snitch que se muestran en el formulario de configuración del trabajo, lo que aumenta la posibilidad de que los atacantes los observen y capturen.
CPE cpe:2.3:a:jenkins:dead_man\'s_snitch:0.1:*:*:*:*:jenkins:*:*
References () https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3524 - () https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3524 - Vendor Advisory
First Time Jenkins
Jenkins dead Man\'s Snitch

09 Jul 2025, 20:15

Type Values Removed Values Added
CWE CWE-522
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3

09 Jul 2025, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-09 16:15

Updated : 2025-07-18 18:43


NVD link : CVE-2025-53667

Mitre link : CVE-2025-53667

CVE.ORG link : CVE-2025-53667


JSON object : View

Products Affected

jenkins

  • dead_man\'s_snitch
CWE
CWE-522

Insufficiently Protected Credentials