PT-2025-50357 · Cloudbees+2 · Jenkins+1

Published: 2025-12-10 · Updated: 2025-12-23 · CVE-2025-67639

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.540 and earlier; Jenkins LTS versions 2.528.2 and earlier.

Description: A cross-site request forgery (CSRF) issue exists in Jenkins that could allow an attacker to trick users into logging in to the attacker's account. A CSRF attack leverages a user's existing authentication to perform actions on their behalf without their knowledge.

Recommendations: Update Jenkins to a version later than 2.540. Update Jenkins LTS to a version later than 2.528.2.
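The description above covers the class of bug (a login endpoint that accepts a cross-site POST) but not what the missing check looks like. The following is an added illustration, not Jenkins code and not the fix shipped in the patched releases: a minimal login handler in two forms, one that accepts any credentialed POST and one that binds a synchronizer token to the pre-login session and checks the request origin. All names (SITE_ORIGIN, SECRET_KEY, the user store, the form field names) are constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical deployment values (constructed for this example).
SECRET_KEY = b"constructed-example-key-do-not-reuse"
SITE_ORIGIN = "https://ci.example.test"

# Constructed user store: an attacker-controlled account beside a legitimate one.
CREDENTIALS = {"alice": "correct horse", "attacker": "attacker-pass"}


@dataclass
class Session:
    """Server-side session; it exists before login so a token can be bound to it."""
    id: str = field(default_factory=lambda: secrets.token_urlsafe(16))
    user: Optional[str] = None


@dataclass
class Request:
    headers: dict
    form: dict
    session: Session


def issue_login_token(session: Session) -> str:
    """Synchronizer token: HMAC over the pre-login session id, embedded in the
    site's own login form. A page on another origin cannot read it."""
    return hmac.new(SECRET_KEY, session.id.encode(), hashlib.sha256).hexdigest()


def same_origin(req: Request) -> bool:
    """Second line of defence: browsers attach Origin (or Referer) to POSTs."""
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    return origin == SITE_ORIGIN or origin.startswith(SITE_ORIGIN + "/")


def login_unchecked(req: Request) -> int:
    """Flawed handler: any credentialed POST is accepted, so a cross-site form
    carrying the attacker's credentials logs the victim in as the attacker."""
    user, pw = req.form.get("username", ""), req.form.get("password", "")
    if CREDENTIALS.get(user) != pw:
        return 401
    req.session.user = user
    return 200


def login_hardened(req: Request) -> int:
    """Hardened handler: origin check, constant-time token check, then session rotation."""
    if not same_origin(req):
        return 403
    expected = issue_login_token(req.session)
    if not hmac.compare_digest(req.form.get("csrf_token", ""), expected):
        return 403
    user, pw = req.form.get("username", ""), req.form.get("password", "")
    if CREDENTIALS.get(user) != pw:
        return 401
    # Rotate the session id on authentication so the pre-login token is void.
    req.session.id = secrets.token_urlsafe(16)
    req.session.user = user
    return 200


def simulate() -> dict:
    """Replay a cross-site POST and a legitimate same-site POST against both handlers."""
    results = {}
    # Cross-site POST (constructed): a form on another origin carrying the
    # attacker's own credentials; the victim's browser supplies its session.
    victim = Session()
    xsite = Request(headers={"Origin": "https://attacker.example"},
                    form={"username": "attacker", "password": "attacker-pass"},
                    session=victim)
    results["unchecked_cross_site"] = (login_unchecked(xsite), victim.user)
    victim = Session()
    xsite.session = victim
    results["hardened_cross_site"] = (login_hardened(xsite), victim.user)
    # Legitimate POST from the site's own login form, token included.
    s = Session()
    good = Request(headers={"Origin": SITE_ORIGIN},
                   form={"username": "alice", "password": "correct horse",
                         "csrf_token": issue_login_token(s)},
                   session=s)
    results["hardened_same_site"] = (login_hardened(good), s.user)
    # Same origin but a stale or guessed token is still refused.
    s2 = Session()
    stale = Request(headers={"Origin": SITE_ORIGIN},
                    form={"username": "alice", "password": "correct horse",
                          "csrf_token": "deadbeef"},
                    session=s2)
    results["hardened_bad_token"] = (login_hardened(stale), s2.user)
    return results
```

The token check is what closes the gap the advisory describes; the origin check is defence in depth, since Origin is not sent in every request path and Referer can be suppressed. Rotating the session id after authentication also prevents the pre-login token from being reused once a user is logged in.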

Fix

Weakness Enumeration: CSRF

Related Identifiers

BDU:2026-00314
BIT-JENKINS-2025-67639
CVE-2025-67639
GHSA-6837-QGRC-X5P6

Affected Products

Jenkins
Red Os