PT-2025-38152 · Jenkins

Daniel Beck · Published 2025-09-17 · Updated 2025-10-22 · CVE-2025-59475

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Jenkins versions 2.527 and earlier
Jenkins LTS versions 2.516.2 and earlier

Description

Jenkins does not perform a permission check for the authenticated user profile dropdown menu. This allows attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing the options available in this menu, such as whether the Credentials Plugin is installed.

Recommendations

Update Jenkins to a version later than 2.527.
Update Jenkins LTS to a version later than 2.516.2.

Fix

Weakness Enumeration

Improper Access Control
Missing Authorization

Related Identifiers

BDU:2025-13362
BIT-JENKINS-2025-59475
CVE-2025-59475
GHSA-223M-4RFP-646H

Affected Products

Credentials Plugin
Jenkins
Red Os