CVE-2025-31720

Summary

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins2.492.3 < 2.492.*unaffected
Jenkins ProjectJenkins2.504 < *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References