How severe is CVE-2025-58458?

CVE-2025-58458 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2025-58458

Name: git_client
Author: jenkins

4.3MEDIUM

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying

Published: 9/3/2025Updated: 11/4/2025

Description

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

AI AnalysisPowered by AI

Affected Products

jenkinsgit_client

6.2.0

References

https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/09/03/4