26 matches found

RedhatCVE
added 2025/12/11 11:56 a.m. | 4 views

CVE-2025-13472

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI...

5.3 CVSS | 6.5 AI score | 0.00058 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/12/10 12:0 a.m. | 8 views

Jenkins plugins Multiple Vulnerabilities (2025-12-10)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage result...

8 CVSS | 5.9 AI score | 0.02585 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/12/03 9:31 a.m. | 1 view

EUVD-2025-200734

BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources...

5.3 CVSS | 6.4 AI score | 0.00058 EPSS
Exploits: 0 | References: 3

OSV
added 2025/12/03 9:31 a.m. | 0 views

GHSA-FXP5-37MH-VFF5 BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI...

5.3 CVSS | 6.7 AI score | 0.00058 EPSS
Exploits: 0 | References: 4

Github Security Blog
added 2025/12/03 9:31 a.m. | 5 views

BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI...

5.3 CVSS | 6.8 AI score | 0.00058 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2025/12/03 9:15 a.m. | 1 view

CVE-2025-13472

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI...

5.3 CVSS | 0.00058 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/12/03 8:42 a.m. | 15 views

CVE-2025-13472 Missing authorization in BlazeMeter Jenkins Plugin

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI...

5.3 CVSS | 0.00058 EPSS
Exploits: 0 | References: 1

CVE
added 2025/12/03 8:42 a.m. | 7 views

CVE-2025-13472

CVE-2025-13472 concerns the BlazeMeter Jenkins Plugin. The Red Hat and NVD entries, plus multiple security advisories, confirm that versions prior to 4.27 expose a list of sensitive resources (credential IDs, BlazeMeter workspaces, and project IDs) to users who should not have access. The underly...

5.3 CVSS | 6.4 AI score | 0.00058 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/03 12:0 a.m. | 2 views

PT-2025-48800

Name of the Vulnerable Software and Affected Versions: BlazeMeter Jenkins Plugin versions prior to 4.27. Description: A flaw existed in the BlazeMeter Jenkins Plugin that allowed unauthorized users to view a list of available resources, including credential IDs, bzm workspaces, and bzm project IDs,...

5.3 CVSS | 6.4 AI score | 0.00058 EPSS
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-1289

Malicious code in bioql PyPI...

4.3 CVSS | 6.5 AI score | 0.00166 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 10:16 a.m. | 3 views

CVE-2024-3825

Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration...

4.3 CVSS | 6.6 AI score | 0.00166 EPSS
Exploits: 0

OSV
added 2024/04/17 3:30 p.m. | 20 views

GHSA-R52H-FJM7-93J8 BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery

Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration...

4.3 CVSS | 4.4 AI score | 0.00166 EPSS
Exploits: 0 | References: 4

Github Security Blog
added 2024/04/17 3:30 p.m. | 16 views

BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery

Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration...

4.3 CVSS | 6.9 AI score | 0.00166 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2024/04/17 3:15 p.m. | 10 views

CVE-2024-3825

Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration...

4.3 CVSS | 4.5 AI score | 0.00166 EPSS
Exploits: 0 | References: 2

OSV
added 2024/04/17 3:15 p.m. | 17 views

CVE-2024-3825

Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration...

4.3 CVSS | 4.5 AI score
Exploits: 0 | References: 2

Vulnrichment
added 2024/04/17 3:3 p.m. | 8 views

CVE-2024-3825 CSRF in BlazeMeter Jenkins plugin

Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration...

4.3 CVSS | 6.6 AI score | 0.00166 EPSS
Exploits: 0 | References: 2

CVE
added 2024/04/17 3:3 p.m. | 66 views

CVE-2024-3825

CVE-2024-3825 affects the BlazeMeter Jenkins plugin prior to version 4.22. The issue is a cross‑site request forgery (CSRF) that can lead to credential enumeration. Impact is limited to the described vulnerability; exploitation status is not detailed in the provided documents. Remediation: upgrad...

4.3 CVSS | 6.5 AI score | 0.00166 EPSS
Exploits: 0 | References: 2

Cvelist
added 2024/04/17 3:3 p.m. | 10 views

CVE-2024-3825 CSRF in BlazeMeter Jenkins plugin

Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration...

4.3 CVSS | 4.8 AI score | 0.00166 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/04/17 12:0 a.m. | 1 view

BlazeMeter Jenkins plugin security vulnerability

BlazeMeter Jenkins plugin is an open source plugin for BlazeMeter. It is used to run performance tests on a load testing platform. A security vulnerability exists in BlazeMeter Jenkins plugin versions prior to 4.22 that stems from the presence of a cross-site request forgery (CSRF) vulnerability...

4.3 CVSS | 6.5 AI score | 0.00166 EPSS
Exploits: 0 | References: 3

vulnersOsv
added 2022/05/14 2:13 a.m. | 0 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +698 more potentially affected by CVE-2012-6072 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.480)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.9, =1.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =0.1, =0.1, =0.17 and more Source cves: CVE-2012-6072 Source advisory: SNYK:JAVA-ORGJENKINSCIMAIN-9404603...

4.3 CVSS | 5.8 AI score | 0.00099 EPSS
Exploits: 0