Jenkins Xooa Plugin 0.0.7 and earlier does not mask the Xooa Deployment Token on the global configuration form, increasing the potential for attackers to observe and capture it.Referenceshttps://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3522
