CVE-2025-53742

CWE-312 — Cleartext Storage of Sensitive Info5 documents5 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 84.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Applitools Eyes Jenkins Project Jenkins Applitools Eyes Plugin

Timeline

PublishedJul 9

Description

Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:applitools-eyes1.16.5

▶CVEListV5jenkins_project/jenkins_applitools_eyes_plugin1.16.5

▶NVDjenkins/applitools_eyes< 1.16.6

🔴Vulnerability Details

OSV

Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users↗2025-07-09

▶

CVEList

CVE-2025-53742: Jenkins Applitools Eyes Plugin 1↗2025-07-09

▶

GHSA

Jenkins Applitools Eyes Plugin vulnerability exposes unencrypted keys to certain authenticated users↗2025-07-09

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2025-07-09↗2025-07-09

▶