CVE-2025-53661

{"id": "CVE-2025-53661", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-07-09T16:15:25.540", "references": [{"url": "https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3515", "tags": ["Vendor Advisory"], "source": "jenkinsci-cert@googlegroups.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them."}, {"lang": "es", "value": "Jenkins Testsigma Test Plan run Plugin 1.6 y versiones anteriores no enmascara las claves API de Testsigma que se muestran en el formulario de configuraci\u00f3n del trabajo, lo que aumenta la posibilidad de que los atacantes las observen y capturen."}], "lastModified": "2025-07-18T17:31:38.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:testsigma_test_plan_run:*:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "8C31E166-97C4-439B-91BD-5C3425FD3E31", "versionEndIncluding": "1.6"}], "operator": "OR"}]}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com"}