CVE-2025-53677 – io.jenkins.plugins:xooa
Package
Manager: maven
Name: io.jenkins.plugins:xooa
Vulnerable Version: >=0 <=0.0.7
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0004 (percentile: 0.11268)
Details
Jenkins Xooa Plugin does not mask its Xooa Deployment Token

Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it.
Metadata
Created: 2025-07-09T18:30:47Z
Modified: 2025-07-09T22:35:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-23j7-px3w-jwp2/GHSA-23j7-px3w-jwp2.json
CWE IDs: ["CWE-256"]
Alternative ID: GHSA-23j7-px3w-jwp2
Finding: F085
Auto approve: 1