Jenkins Applitools Eyes Plugin 1.16.5 and earlier stores Applitools API keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
2025-07-09T16:15:27.440
2025-09-10T15:50:30.780
Analyzed
CVSSv3.1: 6.5 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | jenkins | applitools_eyes | < 1.16.6 | Yes |