Jenkins Cadence vManager Plugin API Key Storage Vulnerability

Vulnerability

A vulnerability exists in the Jenkins Cadence vManager Plugin versions through 4.0.0-282.v5096a_c2db_275, where Verisium Manager vAPI keys are stored unencrypted in job config.xml files on the Jenkins controller. This exposure allows users with Extended Read permission or access to the Jenkins controller file system to view these API keys.

Impact

The vulnerability allows unauthorized users to read sensitive API keys, which could then be misused or lead to further exploitation.

Remediation

Users of the Cadence vManager Plugin should update to version 4.0.1-286.v9e25a_740b_a_48, which encrypts the Verisium Manager vAPI keys when job configurations are saved.
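Because the fixed version encrypts keys when a job configuration is saved, config.xml files written before the update can be audited for values that are still in plaintext. The script below is an added example, not code from the plugin or the Jenkins project. It assumes the plugin id `vmanager-plugin` in the `plugin="id@version"` attribute and a guessed element-name pattern, and the sample job XML (`exampleStep`, `apiKey`) is constructed.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Jenkins serializes an encrypted Secret as base64 wrapped in braces, e.g. {AQAAABAAAAAw...}
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumption: element names that could hold the vAPI key; check a real config.xml and adjust.
SECRET_TAG = re.compile(r"key|password|token|secret", re.IGNORECASE)
# Assumption: plugin id as it appears in the plugin="id@version" attribute.
PLUGIN_ID = "vmanager-plugin"


def plaintext_fields(xml_text, plugin_id=PLUGIN_ID):
    """Return secret-looking element names whose value is stored unencrypted."""
    # Jenkins writes an XML 1.1 declaration, which Python's expat parser rejects: drop it.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text, count=1))
    hits = set()
    for node in root.iter():
        if not node.get("plugin", "").startswith(plugin_id + "@"):
            continue
        for field in node.iter():
            value = (field.text or "").strip()
            if SECRET_TAG.search(field.tag) and value and not ENCRYPTED.match(value):
                hits.add(field.tag)
    return sorted(hits)


def audit(jenkins_home):
    """Map each job directory (relative path) to its plaintext secret fields."""
    home = Path(jenkins_home)
    findings = {}
    for cfg in sorted(home.glob("jobs/**/config.xml")):
        hits = plaintext_fields(cfg.read_text(encoding="utf-8"))
        if hits:
            findings[cfg.parent.relative_to(home).as_posix()] = hits
    return findings


def demo():
    """Constructed sample: one job saved before the fix, one re-saved after it."""
    job = ("<?xml version='1.1' encoding='UTF-8'?>\n<project><exampleStep "
           "plugin='vmanager-plugin@PLACEHOLDER'><apiKey>%s</apiKey></exampleStep></project>")
    with tempfile.TemporaryDirectory() as home:
        for name, value in (("old-job", "constructed-plaintext-key"),
                            ("resaved-job", "{AQAAABAAAAAwQ29uc3RydWN0ZWQ=}")):
            (Path(home) / "jobs" / name).mkdir(parents=True)
            (Path(home) / "jobs" / name / "config.xml").write_text(job % value, encoding="utf-8")
        return audit(home)
```

Run `audit()` against the Jenkins home directory on the controller; any job it reports still holds a readable key and is a candidate for re-saving and key rotation.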

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.