CNNVD-202509-2780 Information
CNNVD ID
CNNVD-202509-2780
Related CVE
- CNNVD Published: 2025-09-17
Description (Chinese)
Jenkins是Jenkins开源的一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建,部署和自动化任何项目。 Jenkins 2.527及之前版本和LTS 2.516.2及之前版本存在安全漏洞,该漏洞源于未对认证用户配置文件下拉菜单执行权限检查,可能导致未经授权的配置信息泄露。
Description (English)
Jenkins is an open-source application for Jenkins. Jenkins, an open-source automated server, provided hundreds of plugins to support construction, deployment and automation of any project. Jenkins 2.527 and previous versions and LTS 2.516.2 and previous versions have a security loophole, which stems from the failure to perform permission checks on the drop-down menu of the authentication user profile, which may lead to unauthorized information leaking on the configuration.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Jenkins
Published
2025-09-17
Last Modified
2026-02-24
References
https://www.jenkins.io/security/advisory/2025-09-17/#SECURITY-3625 https://vigilance.fr/vulnerability/Jenkins-Core-LTS-multiple-vulnerabilities-dated-17-09-2025-48247
Patch
https://www.jenkins.io/download/
Share on: