{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53674", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2025-07-08T07:51:59.764Z", "datePublished": "2025-07-09T15:39:40.807Z", "dateUpdated": "2025-07-09T19:13:17.415Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2025-07-09T15:39:40.807Z"}, "affected": [{"vendor": "Jenkins Project", "product": "Jenkins Sensedia Api Platform tools Plugin", "versions": [{"version": "1.0", "status": "affected"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it."}], "references": [{"name": "Jenkins Security Advisory 2025-07-09", "url": "https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3551", "tags": ["vendor-advisory"]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-256", "lang": "en", "description": "CWE-256 Plaintext Storage of a Password"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-09T18:46:58.282404Z", "id": "CVE-2025-53674", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T19:13:17.415Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53674", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2025-07-08T07:51:59.764Z", "datePublished": "2025-07-09T15:39:40.807Z", "dateUpdated": "2025-07-09T19:13:17.415Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2025-07-09T15:39:40.807Z"}, "affected": [{"vendor": "Jenkins Project", "product": "Jenkins Sensedia Api Platform tools Plugin", "versions": [{"version": "1.0", "status": "affected"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it."}], "references": [{"name": "Jenkins Security Advisory 2025-07-09", "url": "https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3551", "tags": ["vendor-advisory"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-53674", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-09T18:46:58.282404Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-256", "description": "CWE-256 Plaintext Storage of a Password"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T18:47:00.452Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:sensedia_api_platform_tools:1.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "2337ECFE-1EEB-4A6A-885B-C34F08A50E7A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it."}, {"lang": "es", "value": "Jenkins Sensedia Api Platform tools Plugin 1.0 no enmascara el token de integraci\u00f3n de Sensedia API Manager en el formulario de configuraci\u00f3n global, lo que aumenta la posibilidad de que los atacantes lo observen y lo capturen."}], "id": "CVE-2025-53674", "lastModified": "2025-10-01T20:26:48.183", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-09T16:15:26.927", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3551"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-256"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}