CSRF Vulnerability in Jenkins Affects User Interface Widgets
CVE-2025-27624
5.4MEDIUM
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins allows malicious actors to trick users into altering the display states of sidepanel widgets, such as the Build Queue and Build Executor Status. This can lead to unauthorized changes in the user interface, potentially impacting user experience and system integrity. Users are advised to apply the necessary updates to mitigate this risk.
Affected Version(s)
Jenkins 2.492.2
Jenkins 2.492.2 < 2.492.*
Jenkins 2.500
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved