FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- multiple vulnerabilities

Affected packages
	jenkins	<	2.541
	jenkins-lts	<	2.528.3

Details

VuXML ID	2956aba3-1fcb-4c39-9cea-d88a46a3bf93
Discovery	2025-12-10
Entry	2025-12-12

Jenkins Security Advisory:

Description

(High) SECURITY-3630 / CVE-2025-67635

Denial of service vulnerability in HTTP-based CLI

(Medium) SECURITY-1809 / CVE-2025-67636

Missing permission check on password fields

(Medium) SECURITY-783 / CVE-2025-67637 (storage), CVE-2025-67638 (masking)

Build authorization token stored and displayed in plain text

(Low) SECURITY-1166 / CVE-2025-67639

CSRF vulnerability on the login form

[source]

References

CVE Name	CVE-2025-67635
CVE Name	CVE-2025-67636
CVE Name	CVE-2025-67637
CVE Name	CVE-2025-67638
CVE Name	CVE-2025-67639
URL	https://www.jenkins.io/security/advisory/2025-12-10/