CVE-2025-53665

{"id": "CVE-2025-53665", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-07-09T16:15:25.937", "references": [{"url": "https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3540", "tags": ["Vendor Advisory"], "source": "jenkinsci-cert@googlegroups.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-256"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them."}, {"lang": "es", "value": "Jenkins Apica Loadtest Plugin 1.10 y versiones anteriores no enmascaran los tokens de autenticaci\u00f3n LTP de Apica Loadtest que se muestran en el formulario de configuraci\u00f3n del trabajo, lo que aumenta la posibilidad de que los atacantes los observen y capturen."}], "lastModified": "2025-07-18T18:42:51.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:apica_loadtest:*:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "BA9B2D69-D7FF-431C-86E8-7682FE08D643", "versionEndIncluding": "1.10"}], "operator": "OR"}]}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com"}