CVE-2025-53675 | THREATINT

Description

Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

PUBLISHED Reserved 2025-07-08 | Published 2025-07-09 | Updated 2025-11-04 | Assigner jenkins

Product status

Default status

unknown

Any version

affected

References

www.openwall.com/lists/oss-security/2025/07/09/4

www.jenkins.io/security/advisory/2025-07-09/ (Jenkins Security Advisory 2025-07-09) vendor-advisory

cve.org (CVE-2025-53675)

nvd.nist.gov (CVE-2025-53675)

Download JSON