CVE-2025-53667
BaseFortify
Publication date: 2025-07-09
Last updated on: 2025-11-04
Assigner: Jenkins Project
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jenkins | dead_man's_snitch | 0.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Jenkins Dead Man's Snitch Plugin 0.1 causes the Dead Man's Snitch tokens to be displayed in plain text on the job configuration form, meaning they are not masked. This increases the risk that attackers can see and capture these tokens.
How can this vulnerability impact me?
If an attacker observes or captures the unmasked Dead Man's Snitch tokens, they could potentially misuse these tokens to interfere with or manipulate Jenkins job monitoring or notifications, leading to unauthorized actions or loss of monitoring integrity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid exposing Dead Man's Snitch tokens in the Jenkins job configuration form. Limit access to the Jenkins configuration pages to trusted users only, and consider updating or patching the Dead Man's Snitch Plugin if a fixed version becomes available.