Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it.
2025-07-09T16:15:24.937
2025-07-18T17:39:43.120
Analyzed
CVSSv3.1: 5.3 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | jenkins | statistics_gatherer | ≤ 2.0.3 | Yes |