Lucene search
+L

29 matches found

nuclei
nuclei
added 2026/02/04 7:0 a.m.15 views

Jenkins Sidepanel - Unauthorized Agent/Queue Exposure

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget. id:...

5.3CVSS7.2AI score0.04735EPSS
Exploits0References3
vulncheck_kev
vulncheck_kev
added 2025/10/17 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-59474

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

5.3CVSS5.8AI score0.04735EPSS
In wildExploits0References22
euvd
euvd
added 2025/10/07 12:30 a.m.11 views

EUVD-2015-5292

Malware in sbrugna...

5CVSS9.1AI score0.02064EPSS
Exploits0References8
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29723

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.04735EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6150

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.0041EPSS
Exploits0References2
osv
osv
added 2025/09/19 9:57 a.m.5 views

BIT-JENKINS-2025-59474

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

5.3CVSS6.7AI score0.04735EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/09/17 6:13 p.m.6 views

CVE-2025-59474

A flaw was found in Jenkins. A missing permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission allows attackers without Overall/Read permission to list agent names via its sidepanel executors widget. Mitigation Mitigation for this issue is...

5.3CVSS6AI score0.04735EPSS
Exploits0References4
snyk
snyk
added 2025/09/17 3:30 p.m.5 views

Missing Authorization

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Missing Authorization via the sidepanel of an intentionally accessible page. Users lacking Overall/Read permission can access agent names by viewing the executors...

5.3CVSS6.8AI score0.04735EPSS
Exploits0References2
github
github
added 2025/09/17 3:30 p.m.9 views

Jenkins has a missing permission check, allowing users to obtain agent names

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission. This allows attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

5.3CVSS6.7AI score0.04735EPSS
Exploits0References4Affected Software1
osv
osv
added 2025/09/17 3:30 p.m.3 views

GHSA-67V4-38H7-9JJP Jenkins has a missing permission check, allowing users to obtain agent names

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission. This allows attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

5.3CVSS5.9AI score0.04735EPSS
Exploits0References3
nvd
nvd
added 2025/09/17 2:15 p.m.7 views

CVE-2025-59474

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

5.3CVSS0.04735EPSS
Exploits0References2
osv
osv
added 2025/09/17 2:15 p.m.8 views

CVE-2025-59474

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

5.3CVSS6.7AI score
Exploits0References2
alpinelinux
alpinelinux
added 2025/09/17 2:15 p.m.5 views

CVE-2025-59474

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

5.3CVSS6.8AI score0.04735EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/09/17 1:17 p.m.5 views

CVE-2025-59474

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

6.3AI score0.04735EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/17 1:17 p.m.11 views

CVE-2025-59474

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

0.04735EPSS
Exploits0References1
cve
cve
added 2025/09/17 1:17 p.m.50 views

CVE-2025-59474

The connected data confirms CVE-2025-59474 affects Jenkins 2.527 and earlier, and LTS 2.516.2 and earlier, where a missing permission check in the sidepanel allows users lacking Overall/Read to list agent names via the sidepanel executors widget. Root cause: lack of permission enforcement for an ...

5.3CVSS6.3AI score0.04735EPSS
In wildExploits0References2Affected Software1
ptsecurity
ptsecurity
added 2025/09/17 12:0 a.m.7 views

PT-2025-38151

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.527 and earlier Jenkins LTS versions 2.516.2 and earlier Description Jenkins does not perform a permission check in the sidepanel of a page accessible to users lacking Overall/Read permission. This allows attackers without...

5.3CVSS6.6AI score0.04735EPSS
Exploits0References9
alpinelinux
alpinelinux
added 2025/03/05 11:15 p.m.6 views

CVE-2025-27624

A cross-site request forgery CSRF vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets e.g., Build Queue and Build Executor Status widgets...

5.4CVSS7.2AI score0.0041EPSS
Exploits0References1
nvd
nvd
added 2025/03/05 11:15 p.m.13 views

CVE-2025-27624

A cross-site request forgery CSRF vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets e.g., Build Queue and Build Executor Status widgets...

5.4CVSS0.0041EPSS
Exploits0References1
osv
osv
added 2025/03/05 11:15 p.m.5 views

CVE-2025-27624

A cross-site request forgery CSRF vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets e.g., Build Queue and Build Executor Status widgets...

5.4CVSS7AI score
Exploits0References1
Rows per page
Query Builder