Main Vulnerability Database Vulnerabilities #VU106946

Cleartext storage of sensitive information in Cadence vManager - CVE-2025-31724

Published: April 3, 2025

Vulnerability identifier: #VU106946

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-31724

CWE-ID: CWE-312

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Jenkins

Affected software:
Cadence vManager

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected plugin stores Verisium Manager vAPI keys unencrypted in job "config.xml" files on the Jenkins controller as part of its configuration. A remote user can disclose sensitive information.

How to mitigate CVE-2025-31724

Install updates from vendor's website.

Sources

https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3537

Cleartext storage of sensitive information in Cadence vManager - CVE-2025-31724

Detailed vulnerability description

How to mitigate CVE-2025-31724

Sources

Please verify you're human