Moderate severityNVD Advisory· Published Mar 5, 2025· Updated Mar 6, 2025
CVE-2025-27622
CVE-2025-27622
Description
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | >= 2.493, < 2.500 | 2.500 |
org.jenkins-ci.main:jenkins-coreMaven | < 2.492.2 | 2.492.2 |
Affected products
4- osv-coords3 versions
< 2.492.3-r4+ 2 more
- (no CPE)range: < 2.492.3-r4
- (no CPE)range: >= 2.493.0, < 2.504.1
- (no CPE)range: >= 2.493, < 2.500
- Range: 2.492.2
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-p34j-r3ch-c985ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-27622ghsaADVISORY
- www.jenkins.io/security/advisory/2025-03-05/ghsavendor-advisoryWEB
- github.com/jenkinsci/jenkins/commit/923cdbc165e8b8523ae960dfee5f7354878532d5ghsaWEB
News mentions
1- Jenkins Security Advisory 2025-03-05Jenkins Security Advisories · Mar 5, 2025