5.3

CVE-2025-53655

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JenkinsStatistics Gatherer SwPlatformjenkins Version <= 2.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.228
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-256 Plaintext Storage of a Password

The product stores a password in plaintext within resources such as memory or files.

https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3554
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/07/09/4