GHSA-8wp4-r84g-gcmw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8wp4-r84g-gcmw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-8wp4-r84g-gcmw/GHSA-8wp4-r84g-gcmw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8wp4-r84g-gcmw
- Aliases
-
- CVE-2025-53661
- Published
- 2025-07-09T18:30:46Z
- Modified
- 2025-07-09T22:12:17.051764Z
- Severity
-
- 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Jenkins Testsigma Test Plan vulnerability exposes API keys via job configuration form
- Details
-
Jenkins Testsigma Test Plan run Plugin stores Testsigma API keys in job
config.xmlfiles on the Jenkins controller as part of its configuration.While these API keys are stored encrypted on disk, in Testsigma Test Plan run Plugin 1.6 and earlier, the job configuration form does not mask these API keys, increasing the potential for attackers to observe and capture them.
As of publication of this advisory, there is no fix.
- Database specific
{ "github_reviewed_at": "2025-07-09T21:14:44Z", "cwe_ids": [ "CWE-522" ], "nvd_published_at": "2025-07-09T16:15:25Z", "github_reviewed": true, "severity": "LOW" }- References
Affected packages
Maven / io.jenkins.plugins:testsigma
Package
- Name
- io.jenkins.plugins:testsigma
- View open source insights on deps.dev
- Purl
- pkg:maven/io.jenkins.plugins/testsigma