CVE-2025-59474

Summary

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins0 < 2.387unaffected
Jenkins ProjectJenkins2.516.3 < 2.516.*unaffected
Jenkins ProjectJenkins2.528 < *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References