icon

We found results for “

CVE-2025-31724

Good to know:

icon

Date: April 2, 2025

Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Severity Score

Severity Score

Weakness Type (CWE)

Plaintext Storage of a Password

CWE-256

Cleartext Storage of Sensitive Information

CWE-312

Top Fix

icon

Upgrade Version

Upgrade to version org.jenkins-ci.plugins:vmanager-plugin:4.0.1-286.v9e25a_740b_a_48;https://github.com/jenkinsci/vmanager-plugin.git - 4.0.1-286.v9e25a_740b_a_48

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us