EUVD-2025-36657

Jenkins Nexus Task Runner Plugin vulnerable to cross-site request forgery...

EUVD-2025-36656

Jenkins Nexus Task Runner Plugin is missing a permission check...

CVE-2025-64142

CVE-2025-64142 affects Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier. Root cause per multiple sources: a missing permission check in the plugin’s HTTP endpoint allows an attacker with Overall/Read permission to cause the controller to connect to an attacker‑specified URL using attac...

PT-2025-44290

Name of the Vulnerable Software and Affected Versions Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier Description A cross-site request forgery CSRF issue exists in the Jenkins Nexus Task Runner Plugin. This allows attackers to connect to a URL specified by the attacker, using...

PT-2025-44291

Name of the Vulnerable Software and Affected Versions Jenkins Nexus Task Runner Plugin versions 0.9.2 and earlier Description A missing permission check allows attackers with Overall/Read permission to connect to a URL specified by the attacker, using credentials also specified by the attacker. T...

Jenkins Nexus Task Runner Plugin 安全漏洞

Jenkins Nexus Task Runner Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Nexus Task Runner Plugin version 0.9.2 and earlier, which stems from vulnerability to a cross-site request forgery attack that could result in a connection to an attacker-specified UR...