CVE-2025-59474

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.527 and earlier Jenkins LTS versions 2.516.2 and earlier

Description Jenkins does not perform a permission check in the sidepanel of a page accessible to users lacking Overall/Read permission. This allows attackers without Overall/Read permission to list agent names through the sidepanel executors widget.

Recommendations Update Jenkins to a version later than 2.527. Update Jenkins LTS to a version later than 2.516.2.

Fix

Improper Access Control

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-862

Related Identifiers

BDU:2025-13143

BIT-JENKINS-2025-59474

CVE-2025-59474

GHSA-67V4-38H7-9JJP

Affected Products

Jenkins

Red Os

CVE-2025-59474

Weakness Enumeration

Related Identifiers

Affected Products

References · 11