Jenkins Applitools Eyes Plugin vulnerability does not mask API keys on its job configuration form

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

References

Published by the National Vulnerability Database Jul 9, 2025

Published to the GitHub Advisory Database Jul 9, 2025

Reviewed Jul 9, 2025

Last updated Jul 9, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Exploit Prediction Scoring System (EPSS)

Weaknesses

Insufficiently Protected Credentials

CVE ID

GHSA ID

Source code

Uh oh!