← Volver a CVEs
CVE-2025-53655
MEDIUM5.3
Descripcion
Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it.
Detalles CVE
Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado7/9/2025
Ultima modificacion11/4/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
jenkins:statistics_gatherer
Debilidades (CWE)
CWE-256
Referencias
https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3554(jenkinsci-cert@googlegroups.com)
http://www.openwall.com/lists/oss-security/2025/07/09/4(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.