CVE-2025-27623 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowin…
Medium CVSS: 4.3

CVE-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.
Vendor
Jenkins
Product
Jenkins
CWE
CWE-312
Yayın Tarihi
2025-03-05 23:15:14
Güncelleme
2025-06-24 00:46:38
Source Identifier
jenkinsci-cert@googlegroups.com
KEV Date Added
-

Kategoriler

CWE-312 Jenkins MEDIUM Jenkins 2025

Referanslar

https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3496