1. Home
  2. CVE Database
  3. CVE-2025-64146
MEDIUM · 4.3

CVE-2025-64146

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to...

Vulnerability Description

Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
JenkinsCurseforge Publisher1.0

Related Weaknesses (CWE)

CWE-311

References

FAQ

What is CVE-2025-64146?

CVE-2025-64146 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to...

How severe is CVE-2025-64146?

CVE-2025-64146 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-64146?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Curseforge Publisher.