Severity
Medium
Analysis Summary
CVE-2025-59475 CVSS:4.3
Jenkins weekly and LTS could allow a remote authenticated attacker to obtain limited information about the Jenkins configuration, caused by a missing permission check for the authenticated user profile dropdown menu.
CVE-2025-59476 CVSS:5.3
Jenkins weekly and LTS could allow a remote attacker to insert forged log messages, caused by a failure to restrict or transform the characters that user-specified content can insert into log messages.
Impact
- Information Disclosure
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-59475
CVE-2025-59476
Affected Vendors
- Jenkins
Affected Products
- Jenkins weekly and LTS
Remediation
Refer to Jenkins Security Advisory for patch, upgrade or suggested workaround information.
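For CVE-2025-59476, the general defence against this bug class is to neutralize line breaks and control characters in user-supplied values before they are written to the log, so that one record always occupies one physical line. The Java code below is an added example, not Jenkins code and not taken from the Jenkins advisory; the class name, logger name, marker strings and sample input are assumptions made for illustration.

```java
import java.util.logging.ConsoleHandler;
import java.util.logging.Formatter;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class LogForgingDemo { // hypothetical class name
    // Replace line breaks with visible markers (markers chosen for this example)
    // and escape other control characters so they cannot start a new log line.
    static String neutralize(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\r' && i + 1 < s.length() && s.charAt(i + 1) == '\n') {
                out.append("[CRLF]");
                i++; // consume the LF that belongs to this CRLF pair
            } else if (c == '\r') {
                out.append("[CR]");
            } else if (c == '\n') {
                out.append("[LF]");
            } else if (Character.isISOControl(c) || c == '\u2028' || c == '\u2029') {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    // Formatter that emits exactly one physical line per log record.
    static class SingleLineFormatter extends Formatter {
        @Override
        public String format(LogRecord r) {
            return r.getLevel() + " " + r.getLoggerName() + ": "
                    + neutralize(formatMessage(r)) + System.lineSeparator();
        }
    }

    public static void main(String[] args) {
        Logger log = Logger.getLogger("demo.auth"); // hypothetical logger name
        log.setUseParentHandlers(false);
        ConsoleHandler h = new ConsoleHandler();
        h.setFormatter(new SingleLineFormatter());
        log.addHandler(h);
        // Constructed input: a user-supplied value carrying a line break and a fake entry.
        String username = "alice\nINFO demo.auth: Login succeeded for admin";
        log.log(Level.INFO, "Login failed for {0}", username);
    }
}
```

Passing the value as a `{0}` parameter does not by itself remove line breaks; the neutralization happens in the formatter, after the message has been assembled.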

