CVE-2025-27623

Publication date

2025-03-05 22:33:35

Family

jenkins

State

PUBLISHED

Description

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.