CVE-2025-67639

Опубликовано: 10 дек. 2025

Источник: redhat

CVSS3: 3.5

Описание

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.

A cross-site request forgery (CSRF) vulnerability in Jenkins allows attackers to trick users into logging in to the attacker's account.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
OpenShift Developer Tools and Services	jenkins	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-613

https://bugzilla.redhat.com/show_bug.cgi?id=2420999org.jenkins-ci.main/jenkins-core: Jenkins cross-site request forgery

3.5 Low

CVSS3

Связанные уязвимости

CVE-2025-67639

CVSS3: 3.5

nvd

4 месяца назад

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.

GHSA-6837-qgrc-x5p6

CVSS3: 3.5

github

4 месяца назад

Jenkins has a CSRF vulnerability on the login form

BDU:2026-00314

CVSS3: 3.5

fstec

4 месяца назад

Уязвимость сервера автоматизации Jenkins, позволяющая нарушителю осуществить CSRF-атаку

ROS-20251223-7316

CVSS3: 3.5

redos

3 месяца назад

Уязвимость jenkins

3.5 Low

CVSS3