GHSA-jmrv-rxgr-phvr

Source

https://github.com/advisories/GHSA-jmrv-rxgr-phvr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-jmrv-rxgr-phvr/GHSA-jmrv-rxgr-phvr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jmrv-rxgr-phvr

Aliases

CVE-2025-53743

Published

2025-07-09T18:30:47Z

Modified

2025-07-09T23:12:27.060719Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form

Details

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Database specific

{
    "github_reviewed_at": "2025-07-09T22:38:56Z",
    "cwe_ids": [
        "CWE-522"
    ],
    "nvd_published_at": "2025-07-09T16:15:27Z",
    "severity": "MODERATE",
    "github_reviewed": true
}

References

Affected packages

Maven / org.jenkins-ci.plugins:applitools-eyes

Package

Name: org.jenkins-ci.plugins:applitools-eyes; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/applitools-eyes

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.16.5

Affected versions

1.*

1.3

1.4

1.5

1.6

1.7

1.8

1.10

1.12

1.13

1.14

1.14.1

1.15

1.15.1

1.15.2

1.15.3

1.15.4

1.16.0

1.16.1

1.16.2

1.16.3

1.16.4

1.16.5