CVE-2025-53674 – org.jenkins-ci.plugins:sensedia-api-platform

Package

Manager: maven
Name: org.jenkins-ci.plugins:sensedia-api-platform
Vulnerable Version: >=0 <=1.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0004 pctl0.11234

Details

Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it.

Metadata

Created: 2025-07-09T18:30:46Z
Modified: 2025-07-09T22:31:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-vx57-hphr-3mr9/GHSA-vx57-hphr-3mr9.json
CWE IDs: ["CWE-256"]
Alternative ID: GHSA-vx57-hphr-3mr9
Finding: F085
Auto approve: 1