NA - CVE-2025-27623 - Jenkins 2.499 and earlier, LTS 2.492.1 and...
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission...
NA - CVE-2025-27624 - A cross-site request forgery (CSRF)...
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets...
NA - CVE-2025-27625 - In Jenkins 2.499 and earlier, LTS 2.492.1 and...
In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a...