CVE-2025-53674

MEDIUM4.3EPSS 0.09%

Jenkins Sensedia API Platform Plugin vulnerability exposes unencrypted tokens

Published: 7/9/2025Modified: 11/5/2025

Description

Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it.

Affected packages (1)

Maven/org.jenkins-ci.plugins:sensedia-api-platformfrom 0, <= 1.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-53674
PATCHhttps://github.com/jenkinsci/sensedia-api-platform-plugin
WEBhttps://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3551
WEBhttp://www.openwall.com/lists/oss-security/2025/07/09/4