Jenkins Sensedia API Platform Tools Plugin Plaintext Token Storage Vulnerability

Vulnerability

Jenkins Sensedia API Platform Tools Plugin versions 1.0 and earlier store the Sensedia API Manager integration token unencrypted in a global configuration file on the Jenkins controller. Users with permission to read the Jenkins controller file system can access this token.
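One way to audit a controller's configuration XML for this class of issue, as an added example that is not the plugin's or the advisory's own code. It assumes that values protected by Jenkins' hudson.util.Secret are serialized as base64 wrapped in curly braces; the element names and sample documents are constructed, because the advisory does not name the file or its schema.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Element names that usually hold credentials (heuristic chosen for this example).
SECRET_NAME = re.compile(r"token|secret|password|apikey", re.IGNORECASE)
# Assumption: hudson.util.Secret values are serialized as "{<base64>}".
ENCRYPTED = re.compile(r"^\{([A-Za-z0-9+/]+={0,2})\}$")

def is_encrypted(value: str) -> bool:
    """True if the value has the brace-wrapped base64 shape of an encrypted Secret."""
    m = ENCRYPTED.match(value.strip())
    if not m:
        return False
    try:
        base64.b64decode(m.group(1), validate=True)
        return True
    except ValueError:  # binascii.Error is a ValueError: bad padding or alphabet
        return False

def find_plaintext_secrets(xml_text: str) -> list[str]:
    """Return paths of secret-looking leaf elements whose value is not encrypted."""
    findings = []
    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        text = (elem.text or "").strip()
        is_leaf = len(elem) == 0
        if text and is_leaf and SECRET_NAME.search(elem.tag) and not is_encrypted(text):
            findings.append(here)
        for child in elem:
            walk(child, here)
    walk(ET.fromstring(xml_text), "")
    return findings

# Constructed samples; element names are hypothetical, not the plugin's real schema.
PLAINTEXT_SAMPLE = """<examplePluginGlobalConfig>
  <managerUrl>https://manager.example.invalid</managerUrl>
  <integrationToken>constructed-sample-token-value</integrationToken>
</examplePluginGlobalConfig>"""

ENCRYPTED_SAMPLE = PLAINTEXT_SAMPLE.replace(
    "constructed-sample-token-value",
    "{" + base64.b64encode(b"constructed ciphertext bytes").decode() + "}",
)

if __name__ == "__main__":
    for name, doc in (("plaintext", PLAINTEXT_SAMPLE), ("encrypted", ENCRYPTED_SAMPLE)):
        print(name, find_plaintext_secrets(doc))
```

A finding means the value is readable by anyone with file system access to the controller; an empty result only shows that the field has the encrypted shape, not that the ciphertext is valid.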

Impact

The vulnerability allows for unauthorized access to the Sensedia API Manager integration token, which could be misused if the token grants access to sensitive API functionalities or data.

Added: Jul 9, 2025, 4:31 PM
Updated: Jul 9, 2025, 4:31 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.