4.3
CVSS CVSS_V3
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml
of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.