CVE-2025-58459

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-58459

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58459.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-58459

Aliases

GHSA-gm8g-fh49-qq6v

Published

2025-09-03T15:15:39.667Z

Modified

2026-04-10T05:32:58.747530Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs.

References

Affected packages

Git / github.com/jenkinsci/global-build-stats-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/global-build-stats-plugin

Events

Introduced

Last affected

22f4db18e2dd9b7183660c37b7420af0364830a6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "322.v22f4db_18e2dd"
        }
    ]
}

Affected versions

244.*

244.v27c8a_2e50a_34

269.*

269.v214f74360b_3a_

282.*

282.v79ca_e079d1b_1

288.*

288.vb_2c4a_0f138b_b_

293.*

293.vd7b_d6e361475

304.*

304.ve03f19d5969e

307.*

307.v03dce5a_f8943

314.*

314.v2c5018728d76

316.*

316.vf8870f424d78

322.*

322.v22f4db_18e2dd

global-build-stats-1.*

global-build-stats-1.1

global-build-stats-1.2

global-build-stats-1.3

global-build-stats-1.4

global-build-stats-1.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58459.json"