Home

Description

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.

PUBLISHED Reserved 2025-04-01 | Published 2025-04-02 | Updated 2025-04-02 | Assigner jenkins

Product status

Default status
affected

2.492.3 (maven) before 2.492.*
unaffected

2.504 (maven) before *
unaffected

References

www.jenkins.io/security/advisory/2025-04-02/ (Jenkins Security Advisory 2025-04-02) vendor-advisory

cve.org (CVE-2025-31721)

nvd.nist.gov (CVE-2025-31721)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.