How severe is CVE-2025-58458?

CVE-2025-58458 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2025-58458

Name: git_client
Author: jenkins

4.3MEDIUM

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying

Publicado: 9/3/2025Atualizado: 11/4/2025

Descrição

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Análise IADesenvolvido por IA

Produtos Afetados

jenkinsgit_client

6.2.0

Referências

https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/09/03/4