CNNVD-202512-1958 Information
CNNVD ID
CNNVD-202512-1958
Related CVE
- CNNVD Published: 2025-12-10
Description (Chinese)
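Jenkins is an open-source application from the Jenkins project. Jenkins, an open-source automation server, provides hundreds of plugins to support building, deploying and automating any project. Jenkins 2.540 and earlier and LTS 2.528.2 and earlier contain a security vulnerability that stems from build authorization tokens not being masked, so they can be observed and captured by attackers.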
Description (English)
Jenkins is an open-source application from the Jenkins project. Jenkins, an open-source automation server, provides hundreds of plugins to support building, deploying and automating any project. Jenkins 2.540 and earlier versions and LTS 2.528.2 and earlier versions have a security vulnerability, which stems from build authorization tokens not being masked, so they could be observed and captured by attackers.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Jenkins
Published
2025-12-10
Last Modified
2026-02-24
References
https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-783
https://vigilance.fr/vulnerability/Jenkins-Core-LTS-four-vulnerabilities-dated-10-12-2025-49058
Patch
https://www.jenkins.io/download/