CVE-2025-53652

Source
https://cve.org/CVERecord?id=CVE-2025-53652
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53652.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-53652
Aliases
Published
2025-07-09T16:15:24.627Z
Modified
2026-04-12T18:19:45.471622Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
[none]
Details

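Jenkins Git Parameter Plugin 439.vb0e46ca14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters. The affected-range data below lists 444.vca_b_84d3703c2 as the fixed version, so upgrading to that release or later is the remediation. The CVSS vector above is scored with PR:N, while this description requires Item/Build permission; when prioritising, check which users (including anonymous, if so configured) hold Item/Build on jobs that use Git parameters.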

References

Affected packages

Git / github.com/jenkinsci/git-parameter-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/git-parameter-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "444.vca_b_84d3703c2"
        }
    ]
}

Affected versions

0.*
0.1
435.*
435.va_f85861c663a_
439.*
439.vb_0e46ca_14534
git-parameter-0.*
git-parameter-0.10.0
git-parameter-0.11.0
git-parameter-0.3
git-parameter-0.3.1
git-parameter-0.3.2
git-parameter-0.4
git-parameter-0.5.0
git-parameter-0.5.1
git-parameter-0.6.0
git-parameter-0.6.1
git-parameter-0.6.2
git-parameter-0.7.0
git-parameter-0.7.1
git-parameter-0.7.2
git-parameter-0.8.0
git-parameter-0.8.1
git-parameter-0.9.0
git-parameter-0.9.1
git-parameter-0.9.10
git-parameter-0.9.11
git-parameter-0.9.14
git-parameter-0.9.15
git-parameter-0.9.16
git-parameter-0.9.17
git-parameter-0.9.18
git-parameter-0.9.19
git-parameter-0.9.2
git-parameter-0.9.3
git-parameter-0.9.4
git-parameter-0.9.5
git-parameter-0.9.6
git-parameter-0.9.7
git-parameter-0.9.8
git-parameter-0.9.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53652.json"
vanir_signatures
[
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/git-parameter-plugin/commit/cab84d3703c267dbdf3e1b4a06fcc51bbed4fcba",
        "target": {
            "file": "src/test/java/net/uaznia/lukanus/hudson/plugins/gitparameter/GitParameterDefinitionTest.java"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "247852759108344206703683741608172811836",
                "12098483850384789815535080231725256348",
                "301367098557106064063893473498294697881",
                "274145913186742816583972868894044491817",
                "58347669267173480256042566413502050212",
                "260512438100408296625036717499189503172",
                "260699823175587900738993132981101546738",
                "201919480817792300242177410549658241308",
                "45292331578593434882435913744168383751",
                "305969285095359155050654361978054257689",
                "250351770550445053549698387379903448942",
                "261860232353080491846282646981802404650",
                "72607955420235091598328391827389909888",
                "243443896694564794269985525859725640291",
                "189004989577463225775065359587687136090",
                "141732207185145053526979765452127686965",
                "217788632978530884579872083575638418171",
                "46232392381016838791775325606905976542",
                "304814471678181674591737602852442564479",
                "189004989577463225775065359587687136090",
                "141732207185145053526979765452127686965",
                "127594330974238234288325491822892053024",
                "191488663979185575676957903785225315189",
                "120883065382415035084531202178689250556",
                "95341027150205394868445267906684861231",
                "25665655743958956351384749378517185168",
                "98237768380414132868101733140358363660"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-53652-0cfb5c49"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/git-parameter-plugin/commit/cab84d3703c267dbdf3e1b4a06fcc51bbed4fcba",
        "target": {
            "function": "createValue",
            "file": "src/main/java/net/uaznia/lukanus/hudson/plugins/gitparameter/GitParameterDefinition.java"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "276063246869036378287391009725022596816",
            "length": 391.0
        },
        "signature_type": "Function",
        "id": "CVE-2025-53652-2dd0b320"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/git-parameter-plugin/commit/cab84d3703c267dbdf3e1b4a06fcc51bbed4fcba",
        "target": {
            "function": "createValue",
            "file": "src/main/java/net/uaznia/lukanus/hudson/plugins/gitparameter/GitParameterDefinition.java"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "328399344852487622954416842516327472836",
            "length": 433.0
        },
        "signature_type": "Function",
        "id": "CVE-2025-53652-3eb4513e"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/git-parameter-plugin/commit/cab84d3703c267dbdf3e1b4a06fcc51bbed4fcba",
        "target": {
            "function": "createValue",
            "file": "src/main/java/net/uaznia/lukanus/hudson/plugins/gitparameter/GitParameterDefinition.java"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "76233740115023826834770330821916625511",
            "length": 762.0
        },
        "signature_type": "Function",
        "id": "CVE-2025-53652-48dcb6e7"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/git-parameter-plugin/commit/cab84d3703c267dbdf3e1b4a06fcc51bbed4fcba",
        "target": {
            "file": "src/test/java/net/uaznia/lukanus/hudson/plugins/gitparameter/BasicTests.java"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "304563847348087773240250205245130058473",
                "115755731256790920998689758610067400546",
                "5213164769890432287681514436285459022",
                "257387485791049399801001439152277719643",
                "65033236984947083960656513424656184556",
                "259116711565813227094334713959691882092",
                "168234735068990741594125819440354668250",
                "220163518346790988817120585150481377654",
                "286792114291541325041369149993045748335",
                "120128739935198051949338309459005914634",
                "219935490809323248598569670752072555355",
                "154553756273105820402908300522609805879",
                "13794311570089954756690935485655809383",
                "267176384137022554016261386481085290553",
                "150860428831057686443874724865900587768",
                "212516999470766340871181418503397288580",
                "252304887671479438505218009313484188409",
                "75177225867903411820702094366343708676",
                "150860428831057686443874724865900587768"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-53652-50725f5a"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/git-parameter-plugin/commit/cab84d3703c267dbdf3e1b4a06fcc51bbed4fcba",
        "target": {
            "function": "generateContents",
            "file": "src/main/java/net/uaznia/lukanus/hudson/plugins/gitparameter/GitParameterDefinition.java"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "229488133641583388209848333222760864792",
            "length": 1271.0
        },
        "signature_type": "Function",
        "id": "CVE-2025-53652-7e3ae674"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/git-parameter-plugin/commit/cab84d3703c267dbdf3e1b4a06fcc51bbed4fcba",
        "target": {
            "function": "testSetDefaultValue",
            "file": "src/test/java/net/uaznia/lukanus/hudson/plugins/gitparameter/BasicTests.java"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "2149606632759772544003635873082564608",
            "length": 329.0
        },
        "signature_type": "Function",
        "id": "CVE-2025-53652-842084f1"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/git-parameter-plugin/commit/cab84d3703c267dbdf3e1b4a06fcc51bbed4fcba",
        "target": {
            "file": "src/main/java/net/uaznia/lukanus/hudson/plugins/gitparameter/GitParameterDefinition.java"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "317222927104549297092308414129502381531",
                "135263463357805037170531748819188886335",
                "121588687431040458697496046904275293825",
                "150509804551708735726432233908845161294",
                "299513848815565711264313205188779427626",
                "165605015653395246675223184018261577892",
                "232006119002535624066077252926466477962",
                "304603058319691908439999157271861125974",
                "196107211808676751592568103586711515419",
                "8328881223620729769574882563211041259",
                "51272167915708638130724602208156291542",
                "187944747207602413456109142374532079851",
                "44069883351191058814333816698163142237",
                "152289311671387390137866691760906437504",
                "6655336306704625718540664854879601687",
                "176526362033157555597892036735517957420",
                "94609421146563559264144359073072639987",
                "52636615271979058096336715229189790595",
                "200039033739789172234210198905756111297",
                "293051734407200069584901717668919290199",
                "308653174931063837385372942842110214215",
                "272312723186367884659288937432022791168",
                "303645386441911492074009531667204236475",
                "54212646012821300908243489153389341080",
                "105381920305168185255649054617942757495",
                "112929286134793420147616853669360861751",
                "181918489288757924884436667448866833390",
                "28105888420563480887978371514776267175",
                "73103573007616758962568946076297352017",
                "100848618077636672286795074264887110408",
                "306021847262832315797832772643095096606",
                "304923143075629207131142966212974556707",
                "59907237226975683511178246683745272830",
                "21925894871764542660997397550991290985",
                "33037336121255938994363385915714752789",
                "31418392602401825084120196660815691313",
                "287157182107892377429735387267292151708",
                "30363825826767883758304535958411726451",
                "237272071928605187165486849229636490592",
                "257983561637512165595593711240857856071",
                "162654406556779675614572921919188506646",
                "113418043594450632430170513771895996440",
                "26920141036484953558601128802077385791",
                "275026688547941954024047457359828491171",
                "37640968855930274975741218638757027649",
                "183329372711069268330173128888644173215",
                "34947283634402798198933235127273897368",
                "106417643519545594835193652034484213298",
                "283382170725011212537251088983124944504",
                "107812618202838672344572697060595343914",
                "127567416826857942910679917834858021710",
                "27635012309373304213923460686628622007",
                "311338302220434315372600694167068944904",
                "12717222345274261259424217091903828252",
                "287304379735189620048477067747623886827",
                "167587098647380819817076430626163002274",
                "203136956569366929362221800506773310591",
                "198621149513251406181953453509931112674",
                "244788807336906145726171357662141297052",
                "132837457682424067964775563451762790359",
                "32794285712832785695515777286937914314",
                "312089532166199934906617450366595324944",
                "326713815007317597828013242258483139265",
                "264527352043985158698347035445633603668",
                "284761807200456930049496616992743386888",
                "128096000918750408099724450740951026440",
                "316454123505783417913207875629035994603",
                "70887388275696832681910912752875237004",
                "57330422833017089298040372728634670822",
                "139778972194720638045460227424297738168",
                "40616718655052210945514101417661551982",
                "143950441758431542700352335976461656487"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-53652-9b525881"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/git-parameter-plugin/commit/cab84d3703c267dbdf3e1b4a06fcc51bbed4fcba",
        "target": {
            "function": "testGetDefaultValue",
            "file": "src/test/java/net/uaznia/lukanus/hudson/plugins/gitparameter/BasicTests.java"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "54182095142155487686919482538093905188",
            "length": 300.0
        },
        "signature_type": "Function",
        "id": "CVE-2025-53652-e4c820a6"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/jenkinsci/git-parameter-plugin/commit/cab84d3703c267dbdf3e1b4a06fcc51bbed4fcba",
        "target": {
            "function": "testCreateValue_StaplerRequest2_JSONObject",
            "file": "src/test/java/net/uaznia/lukanus/hudson/plugins/gitparameter/BasicTests.java"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "253365234296552605195625092522870981298",
            "length": 551.0
        },
        "signature_type": "Function",
        "id": "CVE-2025-53652-e7632fce"
    }
]
vanir_signatures_modified
"2026-04-12T18:19:45Z"