CloudBees · Jenkins · CVE-2025-59474
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions 2.527 and earlier
Jenkins LTS versions 2.516.2 and earlier
**Description**
Jenkins does not perform a permission check in the sidepanel of a page accessible to users lacking Overall/Read permission. This allows attackers without Overall/Read permission to list agent names through the sidepanel executors widget.
**Recommendations**
Update Jenkins to a version later than 2.527.
Update Jenkins LTS to a version later than 2.516.2.
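
To find controllers that still need the update, the version check below can be run over an inventory. It is an added example, not code from the advisory or the Jenkins project. It assumes that a two-part version string is a weekly release and a three-part string is an LTS release; the inventory format and host names are constructed for illustration.

```python
import re

# Last affected versions, taken from the advisory text above.
WEEKLY_LAST_AFFECTED = (2, 527)
LTS_LAST_AFFECTED = (2, 516, 2)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(raw):
    """Return the leading numeric part of a version string as a tuple of ints."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised Jenkins version: {raw!r}")
    return tuple(int(p) for p in m.groups() if p is not None)

def is_affected(raw):
    """True if the version is in the affected range for its release line."""
    v = parse_version(raw)
    # Assumption: two components = weekly release, three = LTS release.
    if len(v) == 2:
        return v <= WEEKLY_LAST_AFFECTED
    return v <= LTS_LAST_AFFECTED

def audit(inventory_text):
    """Map each controller name to 'affected', 'ok' or 'unknown'."""
    results = {}
    for line in inventory_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        version = parts[1] if len(parts) > 1 else ""
        try:
            results[parts[0]] = "affected" if is_affected(version) else "ok"
        except ValueError:
            results[parts[0]] = "unknown"  # flag for manual review
    return results

# Constructed inventory (hypothetical host names), one "name version" per line.
SAMPLE_INVENTORY = """
ci-weekly-old   2.527
ci-weekly-new   2.528
ci-lts-old      2.516.2
ci-lts-new      2.516.3
ci-snapshot     2.529-SNAPSHOT
ci-broken       n/a
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name:15} {status}")
```

Entries reported as `unknown` have a version string the parser could not read and should be checked by hand rather than treated as patched.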