CVE-2025-53667 – org.jenkins-ci.plugins:deadmanssnitch
Package
Manager: maven
Name: org.jenkins-ci.plugins:deadmanssnitch
Vulnerable Version: >=0 <=0.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00046 (percentile: 0.13753)
Details
Jenkins Dead Man's Snitch Plugin vulnerability does not mask tokens
Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Metadata
Created: 2025-07-09T18:30:46Z
Modified: 2025-07-09T21:29:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-m248-72rh-cpx4/GHSA-m248-72rh-cpx4.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-m248-72rh-cpx4
Finding: F035
Auto approve: 1