CVE-2025-59476

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-59476

Severity

5.3

Medium

CVSS V3

Description

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may mislead administrators reviewing log output.

References

https://images.chainguard.dev/security/CGA-383r-7q35-j99r
https://github.com/advisories/GHSA-qrh5-jg98-cr48
https://images.chainguard.dev/security/CGA-j5rc-mjxh-8449
https://images.chainguard.dev/security/CGA-hjgx-2gm2-9754
https://images.chainguard.dev/security/CGA-4523-32q2-6j53
https://images.chainguard.dev/security/CGA-h44g-4mq8-j7xg
https://www.jenkins.io/security/advisory/2025-09-17/#SECURITY-3424

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-59476

Severity

Description

References

Affected packages

Product

Solutions

Customers

Resources

Company