CVE-2025-53674

{"id": "CVE-2025-53674", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-07-09T16:15:26.927", "references": [{"url": "https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3551", "tags": ["Vendor Advisory"], "source": "jenkinsci-cert@googlegroups.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-256"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe and capture it."}, {"lang": "es", "value": "Jenkins Sensedia Api Platform tools Plugin 1.0 no enmascara el token de integraci\u00f3n de Sensedia API Manager en el formulario de configuraci\u00f3n global, lo que aumenta la posibilidad de que los atacantes lo observen y lo capturen."}], "lastModified": "2025-10-01T20:26:48.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:sensedia_api_platform_tools:1.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "2337ECFE-1EEB-4A6A-885B-C34F08A50E7A"}], "operator": "OR"}]}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com"}