CVE Vulnerabilities

CVE-2025-53655

Plaintext Storage of a Password

Published: Jul 09, 2025 | Modified: Jul 18, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it.

Weakness

Storing a password in plaintext may result in a system compromise.

Affected Software

Name Vendor Start Version End Version
Statistics_gatherer Jenkins * 2.0.3 (including)

Potential Mitigations

References