CVE-2025-53655
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-09
Last updated on: 2025-11-04
Assigner: Jenkins Project
Description
Description
Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jenkins | statistics_gatherer | to 2.0.3 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Jenkins Statistics Gatherer Plugin version 2.0.3 and earlier, where the AWS Secret Key is not masked on the global configuration form. This means that the secret key is visible and can be observed or captured by attackers who have access to this form.
How can this vulnerability impact me? :
If an attacker observes or captures the AWS Secret Key due to it not being masked, they could potentially misuse the key to access AWS resources, leading to unauthorized access, data breaches, or other malicious activities.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70