How severe is CVE-2025-58458?

CVE-2025-58458 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2025-58458

Name: git_client
Author: jenkins

4.3MEDIUM

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying

게시됨: 9/3/2025업데이트됨: 11/4/2025

설명

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

AI 분석AI 기반

영향받는 제품

jenkinsgit_client

6.2.0

참조

https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/09/03/4