Vulnerability in Jenkins Nouvola_divecloud

CVE-2025-53670

Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission…

EPSS: 0.001 (3.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-53670?
CVE-2025-53670 is a medium-severity vulnerability in Jenkins Nouvola_divecloud, classified under Cleartext Storage of Sensitive Information. CVSS score: 6.5/10. Published 2025-07-09.
How severe is CVE-2025-53670?
Medium severity. CVSS v3 base score is 6.5 out of 10.