CNNVD-202512-1957 Information

CNNVD ID

CNNVD-202512-1957

Related CVE

CVE-2025-67639

• CNNVD Published: 2025-12-10

Description (Chinese)

Jenkins是Jenkins开源的一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建，部署和自动化任何项目。 Jenkins 2.540及之前版本和LTS 2.528.2及之前版本存在安全漏洞，该漏洞源于跨站请求伪造漏洞，可能诱使用户登录攻击者账户。

Description (English)

Jenkins is an open-source application for Jenkins. Jenkins, an open-source automated server, provided hundreds of plugins to support construction, deployment and automation of any project. Jenkins 2.540 and previous versions and LTS 2.528.2 and previous versions had a security loophole, which stemmed from cross-site requests to forge a loophole that could induce users to enter the attackers ’ accounts.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Jenkins

Published

2025-12-10

Last Modified

2026-02-24

References

https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-1166 https://vigilance.fr/vulnerability/Jenkins-Core-LTS-four-vulnerabilities-dated-10-12-2025-49058

Patch

https://www.jenkins.io/download/