CVE-2025-27622

Publication date

2025-03-05 22:33:34

Family

jenkins

State

PUBLISHED

Description

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.