Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-f696-867g-2759

Опубликовано: 03 сент. 2025
Источник: github
Github: Прошло ревью
CVSS3: 4.2

Описание

Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Ссылки

Пакеты

Наименование

io.jenkins.plugins:opentelemetry

maven
Затронутые версииВерсия исправления

< 3.1543.1545.vf5a

3.1543.1545.vf5a

EPSS

Процентиль: 5%
0.00022
Низкий

4.2 Medium

CVSS3

CVE ID

CVE-2025-58460

Дефекты

CWE-862

Связанные уязвимости

nvd логотип

CVE-2025-58460

CVSS3: 4.2
nvd
5 месяцев назад

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

EPSS

Процентиль: 5%
0.00022
Низкий

4.2 Medium

CVSS3

CVE ID

CVE-2025-58460

Дефекты

CWE-862