CVE-2025-53660

MEDIUM

4.3

Description

Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CVE Details

CVSS v3.1 Score4.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published7/9/2025

Last Modified11/4/2025

Sourcenvd

Honeypot Sightings0

Affected Products

jenkins:qmetry_test_management

Weaknesses (CWE)

CWE-256CWE-522

References

https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3532(jenkinsci-cert@googlegroups.com)

http://www.openwall.com/lists/oss-security/2025/07/09/4(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.