CVE-2025-31724

MEDIUM

Jenkins Cadence vManager Plugin <4.0.0-282.v5096a_c2db_275 - Info D...

Title source: llm
STIX 2.1

Description

Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

References (1)

Scores

CVSS v3 4.3
EPSS 0.0053
EPSS Percentile 67.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-256
Status published
Products (2)
jenkins/cadence_vmanager < 4.0.1-286.v9e25a_740b_a_48
org.jenkins-ci.plugins/vmanager-plugin 0 - 4.0.1Maven
Published Apr 02, 2025
Tracked Since Feb 18, 2026