3 matches found
CVE-2025-53742
CVE-2025-53742 affects Jenkins Applitools Eyes Plugin 1.16.5 and earlier. The vulnerability arises because Applitools API keys are stored unencrypted in job config.xml files on the Jenkins controller, allowing view by users with Item/Extended Read permission or access to the Jenkins controller fi...
CVE-2025-53658
CVE-2025-53658 affects Jenkins Applitools Eyes Plugin (versions 1.16.5 and earlier). The vulnerability is a stored XSS on the build page caused by not escaping the Applitools URL, exploitable by attackers with Item/Configure permission. The issue is confirmed across multiple sources (including Je...
CVE-2025-53743
The CVE-2025-53743 entry affects Jenkins Applitools Eyes Plugin (versions 1.16.5 and earlier). The underlying issue is that Applitools API keys are displayed on the job configuration form and are not masked, enabling potential observation or capture by users with access. Publicly detailed referen...