PT-2025-24276 · Jenkins · Jenkins Gatling Plugin +1

Daniel Beck · Published 2025-06-06 · Updated 2025-09-17 · CVE-2025-5806

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jenkins Gatling Plugin version 136.vb9009b3d33ae

Description: The issue allows users who can change report content to exploit a cross-site scripting (XSS) vulnerability due to the manner in which Gatling reports are served, which bypasses the Content-Security-Policy protection introduced in certain Jenkins versions.

Recommendations: For Jenkins Gatling Plugin version 136.vb9009b3d33ae, consider disabling the serving of Gatling reports until a patch is available, to prevent exploitation of the XSS vulnerability.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-5806
GHSA-GW97-CQWG-XMH4

Affected Products

Jenkins
Jenkins Gatling Plugin