CVE-2025-53672

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-53672

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53672.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53672

Aliases

GHSA-cvg7-767r-w3fq

Published

2025-07-09T16:15:26.713Z

Modified

2026-04-10T05:32:15.393157Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

References

Affected packages

Git / github.com/jenkinsci/kryptowire-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/kryptowire-plugin

Events

Introduced

Last affected

4e87a12799f7cc1db8e9e30c7c2eacd83980952f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2"
        }
    ]
}

Affected versions

kryptowire-0.*

kryptowire-0.2

Other

untagged-0896f57f85e303132f7f

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53672.json"