CNNVD-202512-1959 Information

CNNVD ID

CNNVD-202512-1959

Related CVE

CVE-2025-67637

• CNNVD Published: 2025-12-10

Description (Chinese)

Jenkins是Jenkins开源的一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建，部署和自动化任何项目。 Jenkins 2.540及之前版本和LTS 2.528.2及之前版本存在安全漏洞，该漏洞源于构建授权令牌未加密存储，可能被用户查看。

Description (English)

Jenkins is an open-source application for Jenkins. Jenkins, an open-source automated server, provided hundreds of plugins to support construction, deployment and automation of any project. Jenkins 2.540 and previous versions and LTS 2.528.2 and previous versions had a security loophole, which originated from the unencrypted storage of the build-up of authorized tokens and could be viewed by users.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Jenkins

Published

2025-12-10

Last Modified

2026-02-24

References

https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-783 https://vigilance.fr/vulnerability/Jenkins-Core-LTS-four-vulnerabilities-dated-10-12-2025-49058

Patch

https://www.jenkins.io/download/