CVE-2025-53661

MEDIUM

4.3

Description

Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CVE Details

CVSS v3.1 Score4.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published7/9/2025

Last Modified11/4/2025

Sourcenvd

Honeypot Sightings0

Affected Products

jenkins:testsigma_test_plan_run

Weaknesses (CWE)

CWE-522

References

https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3515(jenkinsci-cert@googlegroups.com)

http://www.openwall.com/lists/oss-security/2025/07/09/4(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.