CNNVD-202509-2779 Information

CNNVD ID

CNNVD-202509-2779

Related CVE

CVE-2025-59476

• CNNVD Published: 2025-09-17

Description (Chinese)

Jenkins是Jenkins开源的一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建，部署和自动化任何项目。 Jenkins 2.527及之前版本和LTS 2.516.2及之前版本存在安全漏洞，该漏洞源于未限制或转换日志消息中的用户指定内容，可能导致攻击者插入换行符并伪造日志消息。

Description (English)

Jenkins is an open-source application for Jenkins. Jenkins, an open-source automated server, provided hundreds of plugins to support construction, deployment and automation of any project. Jenkins 2.527 and previous versions and LTS 2.516.2 and previous versions have a security loophole, which stems from unrestricted or converted user-specified content in log messages, which may lead to the aggressor inserting line breaks and falsifying log messages.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Jenkins

Published

2025-09-17

Last Modified

2026-02-24

References

https://www.jenkins.io/security/advisory/2025-09-17/#SECURITY-3424 https://vigilance.fr/vulnerability/Jenkins-Core-LTS-multiple-vulnerabilities-dated-17-09-2025-48247

Patch

https://www.jenkins.io/download/