Vulnerability Description
Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVSS Score
4.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Curseforge Publisher | 1.0 |
Related Weaknesses (CWE)
References
- https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3562Vendor Advisory
- http://www.openwall.com/lists/oss-security/2025/10/29/2
FAQ
What is CVE-2025-64147?
CVE-2025-64147 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
How severe is CVE-2025-64147?
CVE-2025-64147 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-64147?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Curseforge Publisher.