Количество 2
Количество 2
CVE-2025-58458
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
GHSA-g2pq-9jr7-w6gv
Jenkins Git client Plugin file system information disclosure vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-58458 In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | CVSS3: 4.3 | 0% Низкий | 5 месяцев назад |
| GHSA-g2pq-9jr7-w6gv Jenkins Git client Plugin file system information disclosure vulnerability | CVSS3: 4.3 | 0% Низкий | 5 месяцев назад |
Уязвимостей на страницу