Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-58458
Modified
More InfoOfficial Page
Source-jenkinsci-cert@googlegroups.com
View Known Exploited Vulnerability (KEV) details
Published At-03 Sep, 2025 | 15:15
Updated At-04 Nov, 2025 | 22:16

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Jenkins
jenkins
>>git_client>>Versions up to 6.1.3(inclusive)
cpe:2.3:a:jenkins:git_client:*:*:*:*:*:jenkins:*:*
Jenkins
jenkins
>>git_client>>Versions from 6.3.0(inclusive) to 6.3.2(inclusive)
cpe:2.3:a:jenkins:git_client:*:*:*:*:*:jenkins:*:*
Jenkins
jenkins
>>git_client>>6.2.0
cpe:2.3:a:jenkins:git_client:6.2.0:*:*:*:*:jenkins:*:*
Weaknesses
CWE IDTypeSource
CWE-200Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-538Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-200
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-538
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590jenkinsci-cert@googlegroups.com
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/09/03/4af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590
Source: jenkinsci-cert@googlegroups.com
Resource:
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2025/09/03/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found