CVE-2025-53677
Jenkins Xooa Plugin vulnerability does not mask its Xooa Deployment Token
4.3
MEDIUM
CVSS 3.1
EPSS 0.10%
Description
Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it.
How to fix CVE-2025-53677
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- —no fix listed
Is CVE-2025-53677 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 0.0.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |