CVE-2025-67636 PUBLISHED

A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views.

• Jenkins Security Advisory 2025-12-10