CNNVD-202509-2783 Information

CNNVD ID

CNNVD-202509-2783

CVE-2025-59474

  • CNNVD Published: 2025-09-17

Description (Chinese)

Jenkins是Jenkins开源的一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建,部署和自动化任何项目。 Jenkins 2.527及之前版本和LTS 2.516.2及之前版本存在安全漏洞,该漏洞源于未在侧边栏执行权限检查,可能导致缺乏Overall或Read权限的攻击者通过侧边栏执行器部件列出代理名称。

Description (English)

Jenkins is an open-source application from the Jenkins project. An open-source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins 2.527 and earlier and LTS 2.516.2 and earlier contain a security vulnerability that stems from a missing permission check in the sidebar, which may allow attackers lacking Overall or Read permission to list agent names through the sidebar executors widget.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Jenkins

Published

2025-09-17

Last Modified

2026-02-24

References

  • https://www.jenkins.io/security/advisory/2025-09-17/#SECURITY-3594
  • https://vigilance.fr/vulnerability/Jenkins-Core-LTS-multiple-vulnerabilities-dated-17-09-2025-48247

Patch

https://www.jenkins.io/download/
