CVE-2025-53678 – io.jenkins.plugins:user1st-utester

Package

Manager: maven
Name: io.jenkins.plugins:user1st-utester
Vulnerable Version: >=0 <=1.1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00017 pctl0.02632

Details

Jenkins User1st uTester Plugin vulnerability exposes unencrypted token to authenticated users Jenkins User1st uTester Plugin 1.1 and earlier stores the uTester JWT token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Metadata

Created: 2025-07-09T18:30:47Z
Modified: 2025-07-09T22:36:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-w4xv-mj6v-p4g2/GHSA-w4xv-mj6v-p4g2.json
CWE IDs: ["CWE-311"]
Alternative ID: GHSA-w4xv-mj6v-p4g2
Finding: F020
Auto approve: 1