← Zuruck zu CVEs
CVE-2025-58458
MEDIUM4.3
Beschreibung
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
CVE Details
CVSS v3.1 Bewertung4.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht9/3/2025
Zuletzt geandert11/4/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
jenkins:git_client
Schwachen (CWE)
CWE-200CWE-538
Referenzen
https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590(jenkinsci-cert@googlegroups.com)
http://www.openwall.com/lists/oss-security/2025/09/03/4(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.