CVE-2025-27623 — Vulnetix

CVE-2025-27623 PUBLISHED

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.

EPSS 0.75% · 73.5th percentile

Risk Scores

EPSS Score

0.75%

73.5th percentile

Affected Products

Vendor	Product	Versions
Bitnami	jenkins	2.493.0
Bitnami	jenkins	2.493.0

Timeline

Mar 5, 2025 CVE Published
Mar 6, 2025 EPSS Score
Mar 6, 2025 PoC Published
Mar 6, 2025 CVE Updated
Mar 10, 2025 PoC Published
Mar 20, 2025 EPSS Score
Mar 21, 2025 Coalition ESS Score
Mar 22, 2025 Coalition ESS Score
Apr 3, 2025 EPSS Score
Apr 16, 2025 EPSS Score
Apr 30, 2025 EPSS Score
May 14, 2025 EPSS Score

References

https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3496 url
https://nvd.nist.gov/vuln/detail/CVE-2025-27623 url

Open in Interactive Console →