CVE-2025-27622 Information
Mar 07, 2025
cve
Description
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.
Reference
https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3495