CVE-2025-53671 org.jenkins-ci.plugins:nouvola-divecloud

Package

Manager: maven
Name: org.jenkins-ci.plugins:nouvola-divecloud
Vulnerable Version: >=0 <=1.08

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00021 (percentile: 0.04076)

Details

Jenkins Nouvola DiveCloud Plugin vulnerability does not mask keys on its job configuration form

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Metadata

Created: 2025-07-09T18:30:46Z
Modified: 2025-07-09T21:45:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-4v4v-92cx-x4f4/GHSA-4v4v-92cx-x4f4.json
CWE IDs: ["CWE-256"]
Alternative ID: GHSA-4v4v-92cx-x4f4
Finding: F020
Auto approve: 1