CVE-2025-31727

MEDIUM Year: 2025
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-549
View all →

Vulnerability Description

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Related Vulnerabilities

CVE-2025-31728

MEDIUM
CVSS:5.5(Medium)

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CWE-5492025

CVE-2022-20914

MEDIUM
CVSS:4.9(Medium)

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerab...

CWE-5492022

CVE-2024-10122

MEDIUM
CVSS:4.9(Medium)

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Deta...

CWE-5492024

CVE-2023-2062

MEDIUM
CVSS:6.2(Medium)

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know ...

CWE-5492023

CVE-2022-1342

MEDIUM
CVSS:4.6(Medium)

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed ...

CWE-5492022

CVE-2023-1763

MEDIUM
CVSS:6.5(Medium)

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive inf...

CWE-5492023