Jenkins Missing Authorization Vulnerability - CVE-2025-59475
Reference:
CVE-2025-59475
Title:
Jenkins Missing Authorization Vulnerability
Overview:
Jenkins 2.527 and earlier LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu (e.g. whether Credentials Plugin is installed).