How severe is CVE-2025-31727?

CVE-2025-31727 has a CVSS v3 score of 5.5 (MEDIUM).

CVE-2025-31727

Name: asakusasatellite
Author: jenkins

5.5MEDIUM

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Re

Опубликовано: 4/2/2025Обновлено: 4/17/2025

Описание

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

ИИ-АнализНа базе ИИ

Затронутые продукты

jenkinsasakusasatellite

Ссылки

https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3523
Vendor Advisory