{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27622", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2025-03-04T07:21:12.533Z", "datePublished": "2025-03-05T22:33:34.766Z", "dateUpdated": "2025-03-06T16:19:56.244Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2025-03-05T22:33:34.766Z"}, "affected": [{"vendor": "Jenkins Project", "product": "Jenkins", "versions": [{"version": "2.492.2", "versionType": "maven", "lessThan": "2.492.*", "status": "unaffected"}, {"version": "2.500", "versionType": "maven", "lessThan": "*", "status": "unaffected"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets."}], "references": [{"name": "Jenkins Security Advisory 2025-03-05", "url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3495", "tags": ["vendor-advisory"]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-312", "lang": "en", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-06T16:19:18.355334Z", "id": "CVE-2025-27622", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T16:19:56.244Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-27622", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-06T16:19:18.355334Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T16:19:49.968Z"}}], "cna": {"affected": [{"vendor": "Jenkins Project", "product": "Jenkins", "versions": [{"status": "unaffected", "version": "2.492.2", "lessThan": "2.492.*", "versionType": "maven"}, {"status": "unaffected", "version": "2.500", "lessThan": "*", "versionType": "maven"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3495", "name": "Jenkins Security Advisory 2025-03-05", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2025-03-05T22:33:34.766Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27622", "state": "PUBLISHED", "dateUpdated": "2025-03-06T16:19:56.244Z", "dateReserved": "2025-03-04T07:21:12.533Z", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "datePublished": "2025-03-05T22:33:34.766Z", "assignerShortName": "jenkins"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "matchCriteriaId": "4059EF76-A4B8-47E4-A1CD-1F5FE9E21EC4", "versionEndExcluding": "2.492.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "matchCriteriaId": "5208C20B-F05A-4D68-969F-38617E6ECE17", "versionEndExcluding": "2.500", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets."}, {"lang": "es", "value": "Jenkins 2.499 y anteriores, LTS 2.492.1 y anteriores no redactan los valores cifrados de los secretos al acceder a `config.xml` de los agentes a trav\u00e9s de la API REST o CLI, lo que permite a los atacantes con permiso de Agente/Lectura extendida ver los valores cifrados de los secretos."}], "id": "CVE-2025-27622", "lastModified": "2025-06-24T00:48:40.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-05T23:15:13.990", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3495"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "jenkins: Encrypted values of secrets stored in agent configuration revealed to users with Agent/Extended Read permission", "id": "2350211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350211"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-319", "details": ["Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.", "A flaw was found in Jenkins and LTS. Affected versions of Jenkins do not redact the encrypted value of secrets when accessing `config.xml` agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view the encrypted value of secrets."], "name": "CVE-2025-27622", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Fix deferred", "package_name": "jenkins", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Affected", "package_name": "rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}], "public_date": "2025-03-05T22:33:34Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-27622\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-27622\nhttps://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3495"], "threat_severity": "Moderate"}

{}