GHSA-x9hj-q7xv-fv4v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-x9hj-q7xv-fv4v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-x9hj-q7xv-fv4v/GHSA-x9hj-q7xv-fv4v.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-x9hj-q7xv-fv4v
- Aliases
-
- CVE-2025-31724
- Published
- 2025-04-02T15:31:38Z
- Modified
- 2025-04-02T23:12:12.121112Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted
- Details
-
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration.
These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Cadence vManager Plugin 4.0.1-286.v9e25a740ba_48 stores Verisium Manager vAPI keys encrypted once affected job configurations are saved again.
- Database specific
{ "nvd_published_at": "2025-04-02T15:15:59Z", "cwe_ids": [ "CWE-312" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-04-02T22:45:33Z" }- References
Affected packages
Maven / org.jenkins-ci.plugins:vmanager-plugin
Package
- Name
- org.jenkins-ci.plugins:vmanager-plugin
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/vmanager-plugin
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0.1
Affected versions
1.*
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.10
2.*
2.0
2.2
2.3
2.4
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.8
2.5.9
2.6.0
2.7.0
2.7.1
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.1
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.2.0
3.2.1
3.2.1.1
3.2.1.2
3.2.1.3
3.2.1.4
3.2.1.5
3.2.1.6
3.2.1.7
4.*
4.0.0-268.v6360f91a_3d40
4.0.0-273.va_1c3509b_6603
4.0.0-282.v5096a_c2db_275