CVE-2025-53657
MEDIUMJenkins ReadyAPI Functional Testing Plugin <1.11 - Info Disclosure
Title source: llmDescription
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, client secrets, and passwords displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Scores
CVSS v3
4.3
EPSS
0.0003
EPSS Percentile
8.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Classification
CWE
CWE-522
Status
published
Affected Products (2)
jenkins/readyapi_functional_testing
< 1.11
org.jenkins-ci.plugins/soapui-pro-functional-testing
Maven
Timeline
Published
Jul 09, 2025
Tracked Since
Feb 18, 2026