Security Advisory

CVE-2025-27622

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-05 22:33:34

Last updated 2025-03-06 16:19:56

Assigner jenkins

State PUBLISHED

Description

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.

← Browse all CVEs View on cve.org ↗