March 24, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Cobalt Strike Malware – Active IOCs
March 10, 2025Multiple Fortinet Products Vulnerabilities
March 10, 2025Cobalt Strike Malware – Active IOCs
March 10, 2025Multiple Fortinet Products Vulnerabilities
March 10, 2025
Severity
Medium
Analysis Summary
CVE-2025-27622 CVSS:4.3
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.
CVE-2025-27623 CVSS:4.3
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-27622
CVE-2025-27623
Affected Vendors
- Jenkins
Affected Products
- Jenkins weekly up to and including 2.499
- Jenkins LTS up to and including 2.492.1
Remediation
Upgrade to the latest version of Jenkins Plugin, available from the Jenkins Security Advisory.