CVE-2025-27622 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowi…
Medium CVSS: 4.3

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.
Vendor
Jenkins
Product
Jenkins
CWE
CWE-312
Yayın Tarihi
2025-03-05 23:15:13
Güncelleme
2025-06-24 00:48:40
Source Identifier
jenkinsci-cert@googlegroups.com
KEV Date Added
-

Kategoriler

CWE-312 Jenkins MEDIUM Jenkins 2025

Referanslar

https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3495