/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2025-27623

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-27623

CGA ID

CGA-jfjg-q7fp-4hqv

Severity

Unknown

Summary

Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Description

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI.

This allows attackers with View/Read permission to view encrypted values of secrets.

Jenkins 2.500, LTS 2.492.2 redacts the encrypted values of secrets stored in view config.xml accessed via REST API or CLI for users lacking View/Configure permission.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs