← Back to CVEs
CVE-2025-31724
MEDIUM4.3
Description
Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
CVE Details
CVSS v3.1 Score4.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published4/2/2025
Last Modified4/17/2025
Sourcenvd
Honeypot Sightings0
Affected Products
jenkins:cadence_vmanager
Weaknesses (CWE)
CWE-256
References
https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3537(jenkinsci-cert@googlegroups.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.