Jenkins Cleartext Storage of Sensitive Information Vulnerability - CVE-2025-27623 - Vulnerability Database

Jenkins Cleartext Storage of Sensitive Information Vulnerability - CVE-2025-27623

Medium

Reference: CVE-2025-27623

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-27623

Title: Jenkins Cleartext Storage of Sensitive Information Vulnerability

Overview:

Jenkins 2.499 and earlier LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI allowing attackers with View/Read permission to view encrypted values of secrets.