CVE-2025-58458
- Source
- https://cve.org/CVERecord?id=CVE-2025-58458
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58458.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-58458
- Aliases
- Published
- 2025-09-03T15:15:39.520Z
- Modified
- 2026-04-10T05:32:53.285079Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying
amazon-s3protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. - References
Affected packages
Git / github.com/jenkinsci/git-client-plugin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/git-client-plugin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "6.1.3" }, { "introduced": "6.3.0" }, { "last_affected": "6.3.2" }, { "introduced": "0" }, { "last_affected": "6.2.0" } ] }
Affected versions
git-client-1.*
git-client-1.0.0
git-client-1.0.1
git-client-1.0.2
git-client-1.0.4
git-client-1.0.5
git-client-1.0.6
git-client-1.1
git-client-1.1.1
git-client-1.1.2
git-client-1.10.0
git-client-1.10.1
git-client-1.10.2
git-client-1.11.0
git-client-1.11.1
git-client-1.12.0
git-client-1.13.0
git-client-1.14.0
git-client-1.14.1
git-client-1.15.0
git-client-1.16.0
git-client-1.16.1
git-client-1.17.0
git-client-1.18.0
git-client-1.19.0
git-client-1.19.1
git-client-1.19.2
git-client-1.19.3
git-client-1.19.4
git-client-1.19.5
git-client-1.19.6
git-client-1.19.7
git-client-1.2.0
git-client-1.20.0
git-client-1.20.1
git-client-1.20.2
git-client-1.21.0
git-client-1.3.0
git-client-1.4.0
git-client-1.4.1
git-client-1.4.2
git-client-1.4.3
git-client-1.4.4
git-client-1.5.0
git-client-1.5.1
git-client-1.6.0
git-client-1.6.1
git-client-1.6.2
git-client-1.6.3
git-client-1.6.4
git-client-1.6.5
git-client-1.6.6
git-client-1.7.0
git-client-1.8.0
git-client-1.8.1
git-client-1.9.0
git-client-1.9.1
git-client-1.9.2
git-client-2.*
git-client-2.1.0
git-client-2.2.0
git-client-2.2.1
git-client-2.3.0
git-client-2.4.0
git-client-2.4.1
git-client-2.4.2
git-client-2.4.3
git-client-2.4.4
git-client-2.4.5
git-client-2.4.6
git-client-2.5.0
git-client-2.6.0
git-client-2.7.0
git-client-2.7.1
git-client-3.*
git-client-3.0.0
git-client-3.0.0-beta1
git-client-3.0.0-beta10
git-client-3.0.0-beta11
git-client-3.0.0-beta12
git-client-3.0.0-beta2
git-client-3.0.0-beta3
git-client-3.0.0-beta4
git-client-3.0.0-beta5
git-client-3.0.0-beta7
git-client-3.0.0-beta8
git-client-3.0.0-beta9
git-client-3.0.0-rc
git-client-3.1.0
git-client-3.1.0-beta
git-client-3.1.1
git-client-3.10.0
git-client-3.10.1
git-client-3.11.0
git-client-3.12.0
git-client-3.12.1
git-client-3.13.0
git-client-3.13.1
git-client-3.2.0
git-client-3.2.1
git-client-3.3.0
git-client-3.3.1
git-client-3.3.2
git-client-3.4.0
git-client-3.4.1
git-client-3.4.2
git-client-3.5.0
git-client-3.5.1
git-client-3.6.0
git-client-3.7.0
git-client-3.7.1
git-client-3.7.2
git-client-3.8.0
git-client-3.9.0
git-client-4.*
git-client-4.0.0
git-client-4.1.0
git-client-4.2.0
git-client-4.3.0
git-client-4.4.0
git-client-4.5.0
git-client-4.6.0
git-client-4.7.0
git-client-5.*
git-client-5.0.0
git-client-6.*
git-client-6.0.0
git-client-6.1.0
git-client-6.1.1
git-client-6.1.2
git-client-6.1.3
git-client-6.2.0
git-client-6.3.0
git-client-6.3.1
git-client-6.3.2