{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-59475", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2025-09-16T16:16:05.525Z", "datePublished": "2025-09-17T13:17:47.879Z", "dateUpdated": "2025-09-17T13:17:47.879Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2025-09-17T13:17:47.879Z"}, "affected": [{"vendor": "Jenkins Project", "product": "Jenkins", "versions": [{"version": "2.516.3", "versionType": "maven", "lessThan": "2.516.*", "status": "unaffected"}, {"version": "2.528", "versionType": "maven", "lessThan": "*", "status": "unaffected"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu (e.g., whether Credentials Plugin is installed)."}], "references": [{"name": "Jenkins Security Advisory 2025-09-17", "url": "https://www.jenkins.io/security/advisory/2025-09-17/#SECURITY-3625", "tags": ["vendor-advisory"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu (e.g., whether Credentials Plugin is installed)."}], "id": "CVE-2025-59475", "lastModified": "2025-09-17T14:18:55.093", "metrics": {}, "published": "2025-09-17T14:15:41.187", "references": [{"source": "jenkinsci-cert@googlegroups.com", "url": "https://www.jenkins.io/security/advisory/2025-09-17/#SECURITY-3625"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "jenkins: Missing permission check in authenticated users' profile menu", "id": "2396092", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396092"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-862", "details": ["A flaw was found in Jenkins. A missing permission check for the authenticated user profile dropdown menu allows attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-59475", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Fix deferred", "package_name": "jenkins", "product_name": "OpenShift Developer Tools and Services"}], "public_date": "2025-09-17T13:17:47Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-59475\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-59475\nhttps://www.jenkins.io/security/advisory/2025-09-17/#SECURITY-3625"], "threat_severity": "Moderate"}