
CVE-2025-27622

Date: March 5, 2025
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing "config.xml" of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.
Weakness Type (CWE)
Cleartext Storage of Sensitive Information (CWE-312)
Top Fix

Upgrade Version
Upgrade to version org.jenkins-ci.main:jenkins-core:2.500 or org.jenkins-ci.main:jenkins-core:2.492.2
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |