Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2025/04/02 3:31 p.m.20 views

Jenkins Missing Permission Check

Jenkins 2.503 and earlier, LTS 2.492.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration. This is due to an...

4.3CVSS6.9AI score0.00375EPSS
Exploits0References4Affected Software1
Chainguard
Chainguard
added 2025/03/17 4:12 a.m.34 views

CVE-2025-27622 vulnerabilities

Vulnerabilities for packages: jenkins...

4.3CVSS7.2AI score0.00727EPSS
Exploits0
Circl
Circl
added 2025/03/06 1:18 a.m.8 views

CVE-2025-27622

creationtimestamp| type| source ---|---|--- 2025-03-06 01:18:18+00:00| seen| https://t.me/cvedetector/19662 2025-03-06 03:34:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ljoks7k2u72a 2025-03-06 16:34:08+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6708 2025-03-10...

4.3CVSS6.4AI score0.00727EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2025/03/06 12:31 a.m.8 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1820 more potentially affected by CVE-2025-27622 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.492.1)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2025-27622 Source advisory: OSV:GHSA-P34J-R3CH-C985...

4.3CVSS6.3AI score0.00727EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/05 11:41 p.m.5 views

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +498 more potentially affected by CVE-2025-27622 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.1)

org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-27622https://vulners.com/cve/CVE-2025-276...

4.3CVSS6.3AI score0.00727EPSS
Exploits0
NVD
NVD
added 2025/03/05 11:15 p.m.17 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

4.3CVSS0.00727EPSS
Exploits0References1
OSV
OSV
added 2025/03/05 11:15 p.m.5 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

4.3CVSS6.9AI score
Exploits0References1
Cvelist
Cvelist
added 2025/03/05 10:33 p.m.21 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

0.00727EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/05 10:33 p.m.7 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

7AI score0.00727EPSS
Exploits0References1
Rows per page
Query Builder