CVE-2025-59475
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-11-04
Assigner: Jenkins Project
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jenkins | jenkins | to 2.516.3 (exc) |
| jenkins | jenkins | to 2.528 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Jenkins 2.527 and earlier, including LTS 2.516.2 and earlier. Jenkins does not perform a permission check before rendering the authenticated user's profile dropdown menu. As a result, attackers without Overall/Read permission can still learn limited information about the Jenkins configuration by viewing which options appear in that menu, such as whether the Credentials Plugin is installed.
How can this vulnerability impact me?
The vulnerability lets attackers without the required permission obtain limited information about the Jenkins configuration. This information disclosure could help an attacker plan further attacks or exploit other vulnerabilities, since it reveals installed plugins or configuration details that should have been restricted.