PT-2025-35780 · Jenkins · Jenkins Git Client Plugin
Daniel Beck · Published 2025-09-03 · Updated 2025-09-08 · CVE-2025-58458
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Git client Plugin versions 6.3.2 and earlier
Description
The Git URL field form validation responses differ based on whether the specified file path exists on the Jenkins controller when using the amazon-s3 protocol with JGit. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Recommendations
Upgrade Jenkins Git client Plugin to a version later than 6.3.2.
Fix
Information Disclosure
Related Identifiers
Affected Products
Jenkins
Jenkins Git Client Plugin