29 matches found
Jenkins Sidepanel - Unauthorized Agent/Queue Exposure
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget. id:...
VulnCheck KEV: CVE-2025-59474
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...
EUVD-2015-5292
Malware in sbrugna...
EUVD-2025-6150
Malicious code in bioql PyPI...
EUVD-2025-29723
Malicious code in bioql PyPI...
BIT-JENKINS-2025-59474
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...
CVE-2025-59474
A flaw was found in Jenkins. A missing permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission allows attackers without Overall/Read permission to list agent names via its sidepanel executors widget. Mitigation Mitigation for this issue is...
GHSA-67V4-38H7-9JJP Jenkins has a missing permission check, allowing users to obtain agent names
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission. This allows attackers without Overall/Read permission to list agent names through its sidepanel executors widget...
Missing Authorization
Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Missing Authorization via the sidepanel of an intentionally accessible page. Users lacking Overall/Read permission can access agent names by viewing the executors...
Jenkins has a missing permission check, allowing users to obtain agent names
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission. This allows attackers without Overall/Read permission to list agent names through its sidepanel executors widget...
CVE-2025-59474
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...
CVE-2025-59474
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...
CVE-2025-59474
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...
CVE-2025-59474
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...
CVE-2025-59474
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...
CVE-2025-59474
The connected data confirms CVE-2025-59474 affects Jenkins 2.527 and earlier, and LTS 2.516.2 and earlier, where a missing permission check in the sidepanel allows users lacking Overall/Read to list agent names via the sidepanel executors widget. Root cause: lack of permission enforcement for an ...
PT-2025-38151
Name of the Vulnerable Software and Affected Versions Jenkins versions 2.527 and earlier Jenkins LTS versions 2.516.2 and earlier Description Jenkins does not perform a permission check in the sidepanel of a page accessible to users lacking Overall/Read permission. This allows attackers without...
CVE-2025-27624
A cross-site request forgery CSRF vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets e.g., Build Queue and Build Executor Status widgets...
CVE-2025-27624
A cross-site request forgery CSRF vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets e.g., Build Queue and Build Executor Status widgets...
CVE-2025-27624
A cross-site request forgery CSRF vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets e.g., Build Queue and Build Executor Status widgets...