Jenkins Cleartext Storage of Sensitive Information Vulnerability - CVE-2025-67637 - Vulnerability Database

Jenkins Cleartext Storage of Sensitive Information Vulnerability - CVE-2025-67637

Medium

Reference: CVE-2025-67637

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-67637

Title: Jenkins Cleartext Storage of Sensitive Information Vulnerability

Overview:

Jenkins 2.540 and earlier LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.