{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-59474", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2025-09-16T16:16:05.525Z", "datePublished": "2025-09-17T13:17:47.174Z", "dateUpdated": "2025-09-17T13:17:47.174Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2025-09-17T13:17:47.174Z"}, "affected": [{"vendor": "Jenkins Project", "product": "Jenkins", "versions": [{"version": "0", "versionType": "maven", "lessThan": "2.387", "status": "unaffected"}, {"version": "2.516.3", "versionType": "maven", "lessThan": "2.516.*", "status": "unaffected"}, {"version": "2.528", "versionType": "maven", "lessThan": "*", "status": "unaffected"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget."}], "references": [{"name": "Jenkins Security Advisory 2025-09-17", "url": "https://www.jenkins.io/security/advisory/2025-09-17/#SECURITY-3594", "tags": ["vendor-advisory"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget."}], "id": "CVE-2025-59474", "lastModified": "2025-09-17T14:18:55.093", "metrics": {}, "published": "2025-09-17T14:15:41.067", "references": [{"source": "[email protected]", "url": "https://www.jenkins.io/security/advisory/2025-09-17/#SECURITY-3594"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "jenkins: Missing permission check allows obtaining agent names", "id": "2396094", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396094"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-862", "details": ["A flaw was found in Jenkins. A missing permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission allows attackers without Overall/Read permission to list agent names via its sidepanel executors widget."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-59474", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Fix deferred", "package_name": "jenkins", "product_name": "OpenShift Developer Tools and Services"}], "public_date": "2025-09-17T13:17:47Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-59474\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-59474\nhttps://www.jenkins.io/security/advisory/2025-09-17/#SECURITY-3594"], "threat_severity": "Moderate"}