← Volver a CVEs
CVE-2025-53654
MEDIUM6.5
Descripcion
Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado7/9/2025
Ultima modificacion11/4/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
jenkins:statistics_gatherer
Debilidades (CWE)
CWE-522
Referencias
https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3554(jenkinsci-cert@googlegroups.com)
http://www.openwall.com/lists/oss-security/2025/07/09/4(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.