Jenkins
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*
- <= 2.527
- <= 2.516.2
A vulnerability exists in Jenkins versions through 2.527 and LTS through 2.516.2, where a missing permission check in the sidepanel executors widget allows users without Overall/Read permission to view agent names. This issue arises because the sidepanel is accessible to users lacking the necessary permissions. The vulnerability can be exploited simply by accessing the affected page's sidepanel.
Exploitation of this vulnerability allows unauthorized users to list agent names, potentially leading to further attacks or information gathering.
Users of Jenkins weekly releases should update to version 2.528, and users of Jenkins LTS should update to version 2.516.3. These versions remove the vulnerable sidepanel from the affected view.
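The version ranges above can be checked against an inventory of Jenkins controllers. The following is an added example, not code from the Jenkins project or this advisory. The host names and the inventory layout are constructed, and it assumes a three-part version string is an LTS release and a two-part string is a weekly release.

```python
import re

# Last affected versions, taken from the advisory text above.
LAST_AFFECTED_WEEKLY = (2, 527)    # weekly line: fixed in 2.528
LAST_AFFECTED_LTS = (2, 516, 2)    # LTS line: fixed in 2.516.3

# Assumption: weekly versions look like "2.527", LTS versions like "2.516.2".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for a Jenkins core version."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        # Snapshot, release-candidate or vendor builds need manual review.
        return "unknown"
    parts = tuple(int(p) for p in match.groups() if p is not None)
    # The release line must be decided first: 2.516.3 (LTS) is fixed even
    # though a naive numeric comparison against 2.527 would flag it.
    if len(parts) == 3:
        return "affected" if parts <= LAST_AFFECTED_LTS else "fixed"
    return "affected" if parts <= LAST_AFFECTED_WEEKLY else "fixed"


def audit(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group controller names by status for a {name: version} inventory."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for name, version in sorted(inventory.items()):
        result[classify(version)].append(name)
    return result


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "ci-weekly-01": "2.527",
    "ci-weekly-02": "2.528",
    "ci-lts-01": "2.516.2",
    "ci-lts-02": "2.516.3",
    "ci-dev-01": "2.530-SNAPSHOT",
}

if __name__ == "__main__":
    for status, names in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(names) or '-'}")
```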