BIT-jenkins-2025-67638

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/jenkins/BIT-jenkins-2025-67638.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-jenkins-2025-67638

Aliases

Published

2025-12-12T11:23:47.516Z

Modified

2025-12-12T12:10:58.463119Z

Summary

[none]

Details

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Database specific

{
    "cpes": [
        "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:maven:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / jenkins

Package

Name: jenkins
Purl: pkg:bitnami/jenkins

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.528.3

Introduced

2.529.0

Fixed

2.541.0

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/jenkins/BIT-jenkins-2025-67638.json"