CVE-2025-67636

Summary

A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins2.541 < *unaffected
Jenkins ProjectJenkins2.528.3 < 2.528.*unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References