Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it.
2025-07-09T16:15:24.937
2025-07-18T17:39:43.120
Analyzed
CVSSv3.1: 5.3 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | jenkins | statistics_gatherer | ≤ 2.0.3 | Yes |