← Back

CVE-2025-31726

nvd nist
Published: Apr 2, 2025Modified: Apr 18, 2025

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Exploitability: 2.1 / Impact: 3.4
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Affected (1)

Jenkins
1 product
Stack Hammer
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Stack Hammer
Up to 1.0.6

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

Source: jenkinsci-cert@googlegroups.com
Vendor Advisory

Timeline

No history available yet.