How severe is CVE-2025-58458?

CVE-2025-58458 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2025-58458

Name: git_client
Author: jenkins

4.3MEDIUM

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying

Veröffentlicht: 9/3/2025Aktualisiert: 11/4/2025

Beschreibung

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

KI-AnalyseKI-gestützt

Betroffene Produkte

jenkinsgit_client

6.2.0

Referenzen

https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/09/03/4