VYPR
Moderate severityNVD Advisory· Published Mar 5, 2025· Updated Mar 6, 2025

CVE-2025-27624

CVE-2025-27624

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.main:jenkins-coreMaven
>= 2.493, < 2.5002.500
org.jenkins-ci.main:jenkins-coreMaven
< 2.492.22.492.2

Affected products

4

Patches

Vulnerability mechanics

References

4

News mentions

1