5 changes (4 new | 1 updated):
cvelistV5 Github Action committed Mar 5, 2025
1 parent 4b4a74a commit 54445a5
Showing 5 changed files with 252 additions and 12 deletions.
32 changes: 20 additions & 12 deletions cves/2024/9xxx/CVE-2024-9355.json
@@ -8,7 +8,7 @@
"assignerShortName": "redhat",
"dateReserved": "2024-09-30T17:07:30.833Z",
"datePublished": "2024-10-01T18:17:29.420Z",
"dateUpdated": "2025-02-14T12:02:07.742Z"
"dateUpdated": "2025-03-05T22:33:03.607Z"
},
"containers": {
"cna": {
@@ -179,6 +179,16 @@
"cpe:/a:redhat:rhel_eus:9.4::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Streams for Apache Kafka 2.9.0",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"packageName": "golang-github-danielqsj-kafka_exporter",
"cpes": [
"cpe:/a:redhat:amq_streams:2"
]
},
{
"vendor": "Red Hat",
"product": "NBDE Tang Server",
@@ -1128,16 +1138,6 @@
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
]
},
{
"vendor": "Red Hat",
"product": "streams for Apache Kafka",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "golang-github-danielqsj-kafka_exporter",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:amq_streams:1"
]
}
],
"references": [
@@ -1197,6 +1197,14 @@
"x_refsource_REDHAT"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:2416",
"name": "RHSA-2025:2416",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-9355",
"tags": [
@@ -1254,7 +1262,7 @@
"providerMetadata": {
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat",
"dateUpdated": "2025-02-14T12:02:07.742Z"
"dateUpdated": "2025-03-05T22:33:03.607Z"
}
},
"adp": [
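Review bot: Nothing machine-readable in the entry added at new line 179 says which builds are fixed: it puts the release in the product name (`"product": "Streams for Apache Kafka 2.9.0"`) with `"defaultStatus": "unaffected"` and no `versions` array. The entry it replaces (removed at old line 1128) was `"defaultStatus": "affected"` under `cpe:/a:redhat:amq_streams:1`; as far as these hunks show, no remaining entry covers that CPE, so a scanner matching on `amq_streams:1` would stop reporting the product even where an older Streams release still ships the vulnerable `golang-github-danielqsj-kafka_exporter`. I would express the fix as a range instead, `"versions": [{"version": "<fixed-build>", "versionType": "rpm", "lessThan": "*", "status": "unaffected"}]` with `"defaultStatus": "affected"`, where `<fixed-build>` is a placeholder for the build named in RHSA-2025:2416. The rest of the `affected` array lies outside the hunks shown, so confirm that no other entry still describes the earlier Streams releases before relying on this.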
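--- a/cves/2025/27xxx/CVE-2025-27622.json
+++ b/cves/2025/27xxx/CVE-2025-27622.json
@@ -0,0 +1,58 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2025-27622",
+"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+"state": "PUBLISHED",
+"assignerShortName": "jenkins",
+"dateReserved": "2025-03-04T07:21:12.533Z",
+"datePublished": "2025-03-05T22:33:34.766Z",
+"dateUpdated": "2025-03-05T22:33:34.766Z"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+"shortName": "jenkins",
+"dateUpdated": "2025-03-05T22:33:34.766Z"
+},
+"affected": [
+{
+"vendor": "Jenkins Project",
+"product": "Jenkins",
+"versions": [
+{
+"version": "2.492.2",
+"versionType": "maven",
+"lessThan": "2.492.*",
+"status": "unaffected"
+},
+{
+"version": "2.500",
+"versionType": "maven",
+"lessThan": "*",
+"status": "unaffected"
+}
+],
+"defaultStatus": "affected"
+}
+],
+"descriptions": [
+{
+"lang": "en",
+"value": "Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets."
+}
+],
+"references": [
+{
+"name": "Jenkins Security Advisory 2025-03-05",
+"url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3495",
+"tags": [
+"vendor-advisory"
+]
+}
+]
+}
+}
+}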
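Review bot: The `cna` container in this record has no `metrics` and no `problemTypes` block, so tooling that triages on CVSS score or CWE gets nothing from it and has to wait for ADP enrichment or a manual read of the vendor advisory; the same holds for CVE-2025-27623, CVE-2025-27624 and CVE-2025-27625 in this commit. Both blocks are optional in the 5.1 schema, but two of the descriptions already name the weakness class, so CVE-2025-27624 could carry `"problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}]` and CVE-2025-27625 the same shape with CWE-601. For this record and CVE-2025-27623 the CWE should come from the CNA rather than be guessed. Until the fields are populated, consumers should treat the missing score as unknown, not as low severity.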
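--- a/cves/2025/27xxx/CVE-2025-27623.json
+++ b/cves/2025/27xxx/CVE-2025-27623.json
@@ -0,0 +1,58 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2025-27623",
+"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+"state": "PUBLISHED",
+"assignerShortName": "jenkins",
+"dateReserved": "2025-03-04T07:21:12.533Z",
+"datePublished": "2025-03-05T22:33:35.469Z",
+"dateUpdated": "2025-03-05T22:33:35.469Z"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+"shortName": "jenkins",
+"dateUpdated": "2025-03-05T22:33:35.469Z"
+},
+"affected": [
+{
+"vendor": "Jenkins Project",
+"product": "Jenkins",
+"versions": [
+{
+"version": "2.492.2",
+"versionType": "maven",
+"lessThan": "2.492.*",
+"status": "unaffected"
+},
+{
+"version": "2.500",
+"versionType": "maven",
+"lessThan": "*",
+"status": "unaffected"
+}
+],
+"defaultStatus": "affected"
+}
+],
+"descriptions": [
+{
+"lang": "en",
+"value": "Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets."
+}
+],
+"references": [
+{
+"name": "Jenkins Security Advisory 2025-03-05",
+"url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3496",
+"tags": [
+"vendor-advisory"
+]
+}
+]
+}
+}
+}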
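--- a/cves/2025/27xxx/CVE-2025-27624.json
+++ b/cves/2025/27xxx/CVE-2025-27624.json
@@ -0,0 +1,58 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2025-27624",
+"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+"state": "PUBLISHED",
+"assignerShortName": "jenkins",
+"dateReserved": "2025-03-04T07:21:12.533Z",
+"datePublished": "2025-03-05T22:33:36.141Z",
+"dateUpdated": "2025-03-05T22:33:36.141Z"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+"shortName": "jenkins",
+"dateUpdated": "2025-03-05T22:33:36.141Z"
+},
+"affected": [
+{
+"vendor": "Jenkins Project",
+"product": "Jenkins",
+"versions": [
+{
+"version": "2.492.2",
+"versionType": "maven",
+"lessThan": "2.492.*",
+"status": "unaffected"
+},
+{
+"version": "2.500",
+"versionType": "maven",
+"lessThan": "*",
+"status": "unaffected"
+}
+],
+"defaultStatus": "affected"
+}
+],
+"descriptions": [
+{
+"lang": "en",
+"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets)."
+}
+],
+"references": [
+{
+"name": "Jenkins Security Advisory 2025-03-05",
+"url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3498",
+"tags": [
+"vendor-advisory"
+]
+}
+]
+}
+}
+}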
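--- a/cves/2025/27xxx/CVE-2025-27625.json
+++ b/cves/2025/27xxx/CVE-2025-27625.json
@@ -0,0 +1,58 @@
+{
+"dataType": "CVE_RECORD",
+"dataVersion": "5.1",
+"cveMetadata": {
+"cveId": "CVE-2025-27625",
+"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+"state": "PUBLISHED",
+"assignerShortName": "jenkins",
+"dateReserved": "2025-03-04T07:21:12.534Z",
+"datePublished": "2025-03-05T22:33:36.808Z",
+"dateUpdated": "2025-03-05T22:33:36.808Z"
+},
+"containers": {
+"cna": {
+"providerMetadata": {
+"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
+"shortName": "jenkins",
+"dateUpdated": "2025-03-05T22:33:36.808Z"
+},
+"affected": [
+{
+"vendor": "Jenkins Project",
+"product": "Jenkins",
+"versions": [
+{
+"version": "2.492.2",
+"versionType": "maven",
+"lessThan": "2.492.*",
+"status": "unaffected"
+},
+{
+"version": "2.500",
+"versionType": "maven",
+"lessThan": "*",
+"status": "unaffected"
+}
+],
+"defaultStatus": "affected"
+}
+],
+"descriptions": [
+{
+"lang": "en",
+"value": "In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects."
+}
+],
+"references": [
+{
+"name": "Jenkins Security Advisory 2025-03-05",
+"url": "https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3501",
+"tags": [
+"vendor-advisory"
+]
+}
+]
+}
+}
+}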
