Vulnerability Database

296,733

Total vulnerabilities in the database

CVE-2025-31720

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration.

Published: Apr 2, 2025
Updated: Aug 11, 2025
CVE: CVE-2025-31720
GHSA: GHSA-565r-pf5q-45v6
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
jenkins / jenkins	-	2.492.3
jenkins / jenkins	-	2.504
org.jenkins-ci.main / jenkins-core	2.500	2.504
org.jenkins-ci.main / jenkins-core	-	2.492.3

https://github.com/jenkinsci/jenkins/commit/bf32018bf075c06e5df649583557c82d42d8bb5c
https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3512

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo