GHSA-w4xv-mj6v-p4g2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w4xv-mj6v-p4g2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-w4xv-mj6v-p4g2/GHSA-w4xv-mj6v-p4g2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w4xv-mj6v-p4g2
- Aliases
-
- CVE-2025-53678
- Published
- 2025-07-09T18:30:47Z
- Modified
- 2025-07-09T23:12:26.827698Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users
- Details
-
Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
- Database specific
{ "nvd_published_at": "2025-07-09T16:15:27Z", "github_reviewed_at": "2025-07-09T22:36:35Z", "github_reviewed": true, "severity": "LOW", "cwe_ids": [ "CWE-311" ] }- References
Affected packages
Maven / io.jenkins.plugins:user1st-utester
Package
- Name
- io.jenkins.plugins:user1st-utester
- View open source insights on deps.dev
- Purl
- pkg:maven/io.jenkins.plugins/user1st-utester