64 matches found

Veracode
added 2025/12/13 5:04 a.m., 6 views

Path Traversal

Jenkins Redpen – Pipeline Reporter for Jira Plugin is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation of the workspace directory during artifact upload, where the plugin fails to enforce proper directory constraints, allowing attackers with Item/Configure...

CVSS 4.3, AI score 5.7, EPSS 0.0029
Exploits 0, References 2, Affected Software 1
EUVD
added 2025/12/10 6:30 p.m., 5 views

EUVD-2025-202451

Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability...

CVSS 4.3, AI score 6.5, EPSS 0.0029
Exploits 0, References 3
OSV
added 2025/12/10 6:30 p.m., 3 views

GHSA-V8HG-M323-JVJQ Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin

Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

CVSS 5, AI score 5.9, EPSS 0.00179
Exploits 0, References 4
EUVD
added 2025/12/10 6:30 p.m., 6 views

EUVD-2025-202456

Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin...

CVSS 5, AI score 7.2, EPSS 0.00179
Exploits 0, References 3
Github Security Blog
added 2025/12/10 6:30 p.m., 13 views

Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin

Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

CVSS 5, AI score 7, EPSS 0.00179
Exploits 0, References 4, Affected Software 1
OSV
added 2025/12/10 5:15 p.m., 5 views

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

CVSS 5, AI score 6.9
Exploits 0, References 1
NVD
added 2025/12/10 5:15 p.m., 14 views

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

CVSS 5, EPSS 0.00179
Exploits 0, References 1
NVD
added 2025/12/10 5:15 p.m., 6 views

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

CVSS 4.3, EPSS 0.0029
Exploits 0, References 1
Vulnrichment
added 2025/12/10 4:50 p.m., 4 views

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

AI score 6.4, EPSS 0.0029
Exploits 0, References 1
CVE
added 2025/12/10 4:50 p.m., 13 views

CVE-2025-67643

CVE-2025-67643 affects Jenkins Redpen - Pipeline Reporter for Jira Plugin (versions 1.054.v7b_9517b_6b_202 and earlier). The vulnerability is a path traversal flaw: improper validation of the workspace directory path during artifact uploads to Jira, enabling attackers with Item/Configure permissi...

CVSS 4.3, AI score 6.4, EPSS 0.0029
Exploits 0, References 1, Affected Software 1
Cvelist
added 2025/12/10 4:50 p.m., 29 views

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

EPSS 0.00179
Exploits 0, References 1
Vulnrichment
added 2025/12/10 4:50 p.m., 7 views

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

AI score 6.6, EPSS 0.00179
Exploits 0, References 1
CVE
added 2025/12/10 4:50 p.m., 17 views

CVE-2025-67640

Jenkins Git client Plugin vulnerability CVE-2025-67640 affects versions 6.4.0 and earlier. The issue arises from improper escaping of the workspace directory path in a temporary shell script generated by the plugin, enabling an attacker who controls the workspace name to inject and execute arbitr...

CVSS 5, AI score 6.6, EPSS 0.00179
Exploits 0, References 1, Affected Software 1
CNNVD
added 2025/12/10 12:00 a.m., 4 views

Jenkins Redpen - Pipeline Reporter for Jira Plugin security vulnerability

Jenkins Redpen - Pipeline Reporter for Jira Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and prior versions, which stems from failure to properly validate workspace directory paths, which cou...

CVSS 4.3, AI score 6.5, EPSS 0.0029
Exploits 0, References 2
CNNVD
added 2025/12/10 12:00 a.m., 6 views

Jenkins plugin Git client security vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...

CVSS 5, AI score 6.6, EPSS 0.00179
Exploits 0, References 2
Positive Technologies
added 2025/12/10 12:00 a.m., 8 views

PT-2025-50358

Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 6.4.0 and earlier

Description: The Jenkins Git client Plugin does not properly escape the path to the workspace directory when creating a temporary shell script. This allows attackers who can control the...

CVSS 5, AI score 7.1, EPSS 0.00179
Exploits 0, References 4
RedhatCVE
added 2025/05/23 9:05 a.m., 6 views

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...

CVSS 4.3, AI score 6.8, EPSS 0.00831
Exploits 0, References 1
Github Security Blog
added 2024/05/24 6:52 p.m., 65 views

Jenkins Report Info Plugin Path Traversal vulnerability

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permissio...

CVSS 4.3, AI score 6.6, EPSS 0.00831
Exploits 0, References 4, Affected Software 1
OSV
added 2024/05/24 2:15 p.m., 2 views

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...

CVSS 4.3, AI score 5.8, EPSS 0.00831
Exploits 0, References 2
Vulnrichment
added 2024/05/24 1:46 p.m., 29 views

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...

AI score 6.7, EPSS 0.00831
Exploits 0, References 2