Jenkins Kryptowire Plugin Plain Text API Key Storage Vulnerability
Vulnerability
A vulnerability exists in the Jenkins Kryptowire Plugin in versions through 0.2, where the Kryptowire API key is stored unencrypted in a global configuration file on the Jenkins controller. This key can be accessed by users with permission to view the Jenkins controller file system.
Impact
The vulnerability allows for unauthorized access to the Kryptowire API key, which could be misused if the key provides access to sensitive functionalities or data within the Kryptowire service.
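A defender-side check for the storage condition described above, added here as an illustration (it is not code from the plugin or from the original advisory). It flags credential-like elements in Jenkins global configuration XML whose value is not in the brace-wrapped base64 form Jenkins uses for encrypted `Secret` fields. The element-name heuristic, the class name `example.plugin.GlobalConfig`, the field name `apiKey` and all sample values are constructed placeholders, since the page does not give the plugin's actual file or field names.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Jenkins writes hudson.util.Secret values as base64 wrapped in braces.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Heuristic for credential-like element names (an assumption of this example).
SENSITIVE = re.compile(r"api.?key|token|secret|passw", re.IGNORECASE)
# Jenkins declares XML 1.1, which not every parser accepts; drop the declaration.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def plaintext_secrets(xml_text):
    """Return tags of credential-like elements whose text is not an encrypted Secret."""
    root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    findings = []
    for elem in root.iter():
        value = (elem.text or "").strip()
        if value and SENSITIVE.search(elem.tag) and not ENCRYPTED.match(value):
            findings.append(elem.tag)
    return findings


def audit_jenkins_home(home):
    """Check top-level *.xml files in JENKINS_HOME, where global configs are saved."""
    results = {}
    for path in sorted(Path(home).glob("*.xml")):
        try:
            hits = plaintext_secrets(path.read_text(encoding="utf-8", errors="replace"))
        except ET.ParseError:
            continue  # not well-formed XML; skip rather than abort the audit
        if hits:
            results[path.name] = hits
    return results


# Constructed samples: class name, field name and values are placeholders.
PLAINTEXT_SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<example.plugin.GlobalConfig plugin="example@0.0">
  <apiKey>EXAMPLE-PLAINTEXT-KEY</apiKey>
  <endpoint>https://service.example.invalid</endpoint>
</example.plugin.GlobalConfig>"""

ENCRYPTED_SAMPLE = PLAINTEXT_SAMPLE.replace(
    "EXAMPLE-PLAINTEXT-KEY", "{AQAAABAAAAAQZXhhbXBsZS1jaXBoZXJ0ZXh0}")

if __name__ == "__main__":
    print(plaintext_secrets(PLAINTEXT_SAMPLE))   # ['apiKey']
    print(plaintext_secrets(ENCRYPTED_SAMPLE))   # []
```

Any key the audit reports should be treated as exposed to everyone with file system access to the controller and rotated on the service side.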
Added: Jul 9, 2025, 4:33 PM
Updated: Jul 9, 2025, 4:33 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
