GHSA-mj6v-4wr4-gj57

Опубликовано: 29 окт. 2025

Источник: github

Github: Прошло ревью

CVSS3: 4.3

Описание

Jenkins Start Windocks Containers Plugin is missing a permission check

Jenkins Start Windocks Containers Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

As of publication of this advisory, there is no fix.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:windocks-start-container

maven

Затронутые версииВерсия исправления

<= 1.4

Отсутствует

EPSS

Процентиль: 7%

0.00027

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2025-64139

Дефекты

CWE-862

Связанные уязвимости

CVE-2025-64139

CVSS3: 4.3

nvd

3 месяца назад

A missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

EPSS

Процентиль: 7%

0.00027

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2025-64139

Дефекты

CWE-862