VDB

CESS-2025-31727

CESS-2025-31727 PUBLISHED CVSS 5.5 MEDIUM

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Timeline

  • Apr 2, 2025 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›