How severe is CVE-2025-58458?

CVE-2025-58458 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2025-58458

Name: git_client
Author: jenkins

4.3MEDIUM

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying

发布于: 9/3/2025更新于: 11/4/2025

描述

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

AI分析AI驱动

受影响产品

jenkinsgit_client

6.2.0

参考资料

https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/09/03/4