Home > Vulnerability Database > CVE-2025-31724

Mend.io Vulnerability Database

CVE-2025-31724

Good to know:

Date: April 2, 2025

Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Severity Score

4.3

Related Resources (5)

Url: https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3537

Url: https://github.com/jenkinsci/vmanager-plugin

Url: https://github.com/jenkinsci/vmanager-plugin/commit/9e25a740ba4837ef528c73b621259e840ef0db75

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-31724

Url: https://www.mend.io/vulnerability-database/CVE-2025-31724

Severity Score

4.3

Weakness Type (CWE)

Plaintext Storage of a Password

CWE-256

Cleartext Storage of Sensitive Information

CWE-312

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.plugins:vmanager-plugin:4.0.1-286.v9e25a_740b_a_48;https://github.com/jenkinsci/vmanager-plugin.git - 4.0.1-286.v9e25a_740b_a_48

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-31724

Good to know:

Date: April 2, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?