7 matches found
CVE-2025-27624 vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2025-27624
A cross-site request forgery CSRF vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets e.g., Build Queue and Build Executor Status widgets...
CVE-2025-27624
creationtimestamp| type| source ---|---|--- 2025-03-06 01:18:16+00:00| seen| https://t.me/cvedetector/19660 2025-03-06 03:34:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ljoks7ayuy2f 2025-03-06 16:34:15+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6713 2025-08-18...
appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +498 more potentially affected by CVE-2025-27624 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.1)
org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-27624https://vulners.com/cve/CVE-2025-276...
CVE-2025-27624
A cross-site request forgery CSRF vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets e.g., Build Queue and Build Executor Status widgets...
CVE-2025-27624
A cross-site request forgery CSRF vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets e.g., Build Queue and Build Executor Status widgets...
CVE-2025-27624
CVE-2025-27624 : Jenkins versions 2.499 and earlier, and LTS 2.492.1 and earlier, are affected by a CSRF vulnerability that lets an attacker toggle the collapsed/expanded state of sidepanel widgets (e.g., Build Queue, Build Executor Status) in affected users. The issue arises from the HTTP endpoi...