CVE-2025-31724

MEDIUM Year: 2025
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-256
View all →

Vulnerability Description

Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Related Vulnerabilities

CVE-2023-2632

MEDIUM
CVSS:4.3(Medium)

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permissi...

CWE-2562023

CVE-2023-2633

MEDIUM
CVSS:4.3(Medium)

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.

CWE-2562023

CVE-2024-31899

MEDIUM
CVSS:4.3(Medium)

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.

CWE-2562024

CVE-2025-43005

MEDIUM
CVSS:4.3(Medium)

SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrit...

CWE-2562025

CVE-2023-50956

MEDIUM
CVSS:4.4(Medium)

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.

CWE-2562023

CVE-2024-25052

MEDIUM
CVSS:4.4(Medium)

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.

CWE-2562024