Description

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.

Remediation

References

CVE-2025-31721

Related Vulnerabilities

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2022-23307)

MySQL Other Vulnerability (CVE-2010-1849)

Envoy Proxy Out-of-bounds Write Vulnerability (CVE-2019-18801)

WordPress 4.1.x Cross-Domain Flash Injection Vulnerability (4.1 - 4.1.21)

MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-10959)

Severity

Medium

Classification

CVE-2025-31721 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities