Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-31721

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.

Published

2025-04-02T15:15:59.547

Last Modified

2025-04-29T13:56:43.860

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-862
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application jenkins jenkins < 2.492.3 Yes
Application jenkins jenkins < 2.504 Yes
References