Jenkins Cleartext Storage of Sensitive Information Vulnerability - CVE-2025-27622 - Vulnerability Database

Jenkins Cleartext Storage of Sensitive Information Vulnerability - CVE-2025-27622

Medium

Reference: CVE-2025-27622

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-27622

Title: Jenkins Cleartext Storage of Sensitive Information Vulnerability

Overview:

Jenkins 2.499 and earlier LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.