CVE-2025-31727

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

CVSS

No CVSS.

References

Link	Resource
https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3523	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:asakusasatellite:*:*:*:*:*:jenkins:*:*

History

17 Apr 2025, 14:38

Type	Values Removed	Values Added
CPE		cpe:2.3:a:jenkins:asakusasatellite::::::jenkins::*
References	~~() https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3523 -~~	() https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3523 - Vendor Advisory
First Time		Jenkins Jenkins asakusasatellite

02 Apr 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-02 15:16

Updated : 2025-04-17 14:38

NVD link : CVE-2025-31727

Mitre link : CVE-2025-31727

JSON object : View

Products Affected

jenkins

asakusasatellite

CWE

No CWE.

JSON object

Attach tags to CVE-2025-31727

Attach tags to `CVE-2025-31727`