GHSA-P34J-R3CH-C985 Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...

CVE-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...

CVE-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...

CVE-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

CVE-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...

CVE-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...

CVE-2025-27623

Jenkins security issue CVE-2025-27623 affects Jenkins versions 2.499 and earlier and LTS 2.492.1 and earlier. The root cause is an encryption handling flaw that fails to redact encrypted secret values in view configuration when accessed via REST/CLI through config.xml, enabling users with View/Re...

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

CVE-2025-27622

CVE-2025-27622 affects Jenkins 2.499 and earlier, and LTS 2.492.1 and earlier, where encrypted values of secrets stored in agent configuration (config.xml) are not redacted when accessed via REST API or CLI. An attacker with Agent/Extended Read permission can view these encrypted secret values. T...

[SECURITY] Fedora 41 Update: fscrypt-0.3.5-2.fc41

fscrypt is a high-level tool for the management of Linux filesystem encryptio n. This tool manages metadata, key generation, key wrapping, PAM integration, and provides a uniform interface for creating and modifying encrypted directories...

Linux Distros Unpatched Vulnerability : CVE-2022-0171

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root host user-level application to crash the host kernel b...

Linux Distros Unpatched Vulnerability : CVE-2023-4155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in KVM AMD Secure Encrypted Virtualization SEV in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a doubl...

PT-2025-9860 · Jenkins +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.499 and earlier, LTS versions 2.492.1 and earlier Description: The issue allows attackers with View/Read permission to view encrypted values of secrets when accessing config.xml of views via REST API or CLI. This occurs...

PT-2025-9859 · Jenkins +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.499 and earlier Jenkins LTS versions 2.492.1 and earlier Description: The issue allows attackers with Agent/Extended Read permission to view encrypted values of secrets when accessing config.xml of agents via REST API or CL...

Linux Distros Unpatched Vulnerability : CVE-2021-3981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read...

Jenkins LTS < 2.492.2 / Jenkins weekly < 2.500 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.492.2 or Jenkins weekly prior to 2.500. It is, therefore, affected by multiple vulnerabilities: - Medium Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not...