The vulnerability of the QMetry Test Management plugin for Jenkins’ automation server lies in the fact that the API keys of Qmetry Automation are stored publicly, allowing an attacker to gain unauthorized access to the protected information.

The vulnerability of the QMetry Test Management plugin for the Jenkins automation server lies in the fact that API keys from Qmetry Automation are stored publicly in the config.xml file. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

Jenkins QMetry Test Management Plugin vulnerability exposes API keys

QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

Jenkins QMetry Test Management Plugin stores unencrypted API keys

QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2025-53660

Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-53660

Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVE-2025-53660

CVE-2025-53660 affects Jenkins QMetry Test Management Plugin 1.13 and earlier. The vulnerability stems from Qmetry Automation API Keys being stored unencrypted in job config.xml and displayed on the job configuration form without masking, enabling observers with Item/Extended Read permissions or ...

CVE-2025-53659

Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

Jenkins plugin QMetry Test Management 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

PT-2025-28911 · Jenkins · Jenkins Qmetry Test Management Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins QMetry Test Management Plugin versions 1.13 and earlier Description: The Jenkins QMetry Test Management Plugin stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller. These keys are accessible ...

PT-2025-28912 · Jenkins · Jenkins Qmetry Test Management Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins QMetry Test Management Plugin versions 1.13 and earlier Description: The Jenkins QMetry Test Management Plugin does not properly protect Qmetry Automation API Keys. These keys are stored unencrypted in job config.xml files on the...

Jenkins plugin QMetry Test Management 安全漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...