Detections
Analytics
Jenkins LTS < 2.492.2 / Jenkins weekly < 2.500 Multiple Vulnerabilities
medium Nessus Plugin ID 227562
Synopsis
An application running on a remote web server host is affected by multiple vulnerabilitiesDescription
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.492.2 or Jenkins weekly prior to 2.500. It is, therefore, affected by multiple vulnerabilities:- Medium Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not require POST requests for the HTTP endpoint toggling collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets), resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets. Additionally, as the API accepts any string as the identifier of the panel ID to be toggled, attacker-controlled content can be stored in the victim's user profile in Jenkins. Jenkins 2.500, LTS 2.492.2 requires POST requests for the affected HTTP endpoint. (CVE-2025-27624)
- Medium Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. This issue is related to SECURITY-266 in the 2016-05-11 security advisory. Jenkins 2.500, LTS 2.492.2 redacts the encrypted values of secrets stored in agent config.xml accessed via REST API or CLI for users lacking Agent/Configure permission. (CVE-2025-27622)
- Medium Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI. This allows attackers with View/Read permission to view encrypted values of secrets. This issue is related to SECURITY-266 in the 2016-05-11 security advisory.
Jenkins 2.500, LTS 2.492.2 redacts the encrypted values of secrets stored in view config.xml accessed via REST API or CLI for users lacking View/Configure permission. (CVE-2025-27623)
- Medium Various features in Jenkins redirect users to partially user-controlled URLs inside Jenkins. To prevent open redirect vulnerabilities, Jenkins limits redirections to safe URLs (neither absolute nor scheme-relative/network-path reference). In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (\) characters are considered safe. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects. Jenkins 2.500, LTS 2.492.2 considers redirects to URLs starting with backslash (\) characters to be unsafe, rejecting such redirects.
(CVE-2025-27625)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade Jenkins weekly to version 2.500 or later, or Jenkins LTS to version 2.492.2 or later.See Also
Plugin Details
Severity: Medium
ID: 227562
File Name: jenkins_2_500.nasl
Version: 1.1
Type: combined
Agent: windows, macosx, unix
Family: CGI abuses
Published: 3/5/2025
Updated: 3/5/2025
Configuration: Enable thorough checks
Supported Sensors: Nessus Agent, Nessus
Enable CGI Scanning: true
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 4.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS Score Source: CVE-2025-27624
CVSS v3
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:jenkins:jenkins, cpe:/a:cloudbees:jenkins
Required KB Items: installed_sw/Jenkins
Exploit Ease: No known exploits are available
Patch Publication Date: 3/5/2025
Vulnerability Publication Date: 3/5/2025
Reference Information
CVE: CVE-2025-27622, CVE-2025-27623, CVE-2025-27624, CVE-2025-27625