Lucene search
K

59 matches found

Snyk
Snyk
added 2025/04/02 3:31 p.m.4 views

Missing Authorization

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Missing Authorization in the doCreateItem method. A user with Computer/Create permission can copy an agent and thereby access encrypted secrets in its configuration...

5.3CVSS6.8AI score0.00727EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/02 3:15 p.m.4 views

CVE-2025-31721

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration...

4.3CVSS7.7AI score0.00375EPSS
Exploits0References1
NVD
NVD
added 2025/04/02 3:15 p.m.20 views

CVE-2025-31721

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration...

4.3CVSS0.00375EPSS
Exploits0References1
OSV
OSV
added 2025/04/02 3:15 p.m.9 views

CVE-2025-31721

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration...

4.3CVSS6.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/02 2:59 p.m.11 views

CVE-2025-31721

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration...

6.9AI score0.00375EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.6 views

PT-2025-14511 · Jenkins +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.503 and earlier Jenkins LTS versions 2.492.2 and earlier Description: A missing permission check in Jenkins allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gainin...

4.3CVSS5.8AI score0.00375EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2025/04/02 12:0 a.m.10 views

Jenkins LTS < 2.492.3 / Jenkins weekly < 2.504 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.492.3 or Jenkins weekly prior to 2.504. It is, therefore, affected by multiple vulnerabilities: - A missing permission check in Jenkins 2.503 and earlier, LTS 2.492...

4.3CVSS6.3AI score0.0039EPSS
Exploits0References3
OSV
OSV
added 2025/03/07 8:56 p.m.9 views

BIT-JENKINS-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

4.3CVSS6.5AI score0.00727EPSS
Exploits0References2
OSV
OSV
added 2025/03/07 8:55 p.m.8 views

BIT-JENKINS-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...

4.3CVSS6.5AI score0.00317EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/06 5:48 a.m.8 views

CVE-2025-27623

A flaw was found in Jenkins. Affected versions of Jenkins do not redact encrypted values of secrets when accessing the config.xml of views via REST API or CLI. This flaw allows attackers with view/read permission to view encrypted values of secrets...

4.3CVSS6.7AI score0.00317EPSS
Exploits0References4
OSV
OSV
added 2025/03/06 12:31 a.m.6 views

GHSA-RFH6-9R2Q-98VF Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI. This allows attackers with View/Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted values of...

4.3CVSS7.2AI score0.00317EPSS
Exploits0References4
OSV
OSV
added 2025/03/06 12:31 a.m.4 views

GHSA-P34J-R3CH-C985 Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...

4.3CVSS6.9AI score0.00727EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/03/06 12:31 a.m.14 views

Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI. This allows attackers with View/Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted values of...

4.3CVSS6.7AI score0.00317EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/06 12:31 a.m.15 views

Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...

4.3CVSS6.7AI score0.00727EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/05 11:15 p.m.5 views

CVE-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...

4.3CVSS6.9AI score
Exploits0References1
NVD
NVD
added 2025/03/05 11:15 p.m.13 views

CVE-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...

4.3CVSS0.00317EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/03/05 11:15 p.m.4 views

CVE-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...

4.3CVSS7.1AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2025/03/05 11:15 p.m.5 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

4.3CVSS6.9AI score0.00727EPSS
Exploits0References1
NVD
NVD
added 2025/03/05 11:15 p.m.17 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

4.3CVSS0.00727EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/03/05 11:15 p.m.7 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

4.3CVSS7.1AI score0.00727EPSS
Exploits0References1
Rows per page
Query Builder