2 matches found
PT-2025-38151
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.527 and earlier; Jenkins LTS versions 2.516.2 and earlier
Description: Jenkins does not perform a permission check in the sidepanel of a page accessible to users lacking Overall/Read permission. This allows attackers without...
GHSA-4653-RMCH-3G2G
Jenkins has Information Disclosure via Sidepanel Widget
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...