Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2025-53670

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Published: Jul 9, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-53670
GHSA: GHSA-45hr-8gq6-7f7f
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-312

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
org.jenkins-ci.plugins / nouvola-divecloud	-	1.08.x
jenkins / nouvola_divecloud	-	1.08.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo