- Description
- Jenkins 2.499 and earlier, LTS 2.492.1 and earlier do not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.
- Source
- jenkinsci-cert@googlegroups.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-312
- Hype score
- Not currently trending
#VulnAlert 🚨 CVE-2025-27622, -27623, -27624, -27625: Multiple vulnerabilities in Jenkins (medium severity). They allow attackers to view encrypted secret values and store malicious content in other users' profiles. 📢 Vendor advisory: https://t.co/hpesK1GBm2
@Cyph3R_CyberSec
12 Mar 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Jenkins fixes multiple vulnerabilities, including leakage of encrypted secrets and cross-site request forgery (CSRF) (CVE-2025-27622, CVE-2025-27623) #セキュリティ対策Lab #セキュリティ #Security https://t.co/NvRQGWJrv6
@securityLab_jp
10 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27622, -27623, -27624: Multiple vulns in Jenkins, medium rating❗️ Vulns allow attackers to view encrypted secret values and store content in users' profiles. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/WpOOGQB7D2 #cybersecurity #vulnerability_map https:
@Netlas_io
7 Mar 2025
85 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Encrypted Secrets Exposure and CSRF Vulnerabilities in Jenkins 📅 Timeline: Disclosure: 2025-03-05, Patch: 2025-03-05 📌 Attribution: Microsoft Threat Intelligence Center (MSTIC) 🆔 CVE ID: CVE-2025-27622 📊 Base Score: 4.3 📏 CVSS Metrics:… http
@syedaquib77
6 Mar 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes