CNNVD-202512-1960 Information

CNNVD ID

CNNVD-202512-1960

Related CVE

CVE-2025-67636

• CNNVD Published: 2025-12-10

Description (Chinese)

Jenkins是Jenkins开源的一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建，部署和自动化任何项目。 Jenkins 2.540及之前版本和LTS 2.528.2及之前版本存在安全漏洞，该漏洞源于缺少权限检查，可能导致攻击者查看加密密码值。

Description (English)

Jenkins is an open-source application for Jenkins. Jenkins, an open-source automated server, provided hundreds of plugins to support construction, deployment and automation of any project. There is a security loophole in Jenkins 2.540 and previous versions and in LTTE 2.528.2 and earlier versions, which stems from a lack of access checks, which may lead the attackers to view encrypted password values.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Jenkins

Published

2025-12-10

Last Modified

2026-02-24

References

https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-1809 https://vigilance.fr/vulnerability/Jenkins-Core-LTS-four-vulnerabilities-dated-10-12-2025-49058

Patch

https://www.jenkins.io/download/