GHSA-w5r3-gr8w-7fj5

Suggest an improvement
Source
https://github.com/advisories/GHSA-w5r3-gr8w-7fj5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-w5r3-gr8w-7fj5/GHSA-w5r3-gr8w-7fj5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-w5r3-gr8w-7fj5
Aliases
  • CVE-2025-64135
Published
2025-10-29T15:31:56Z
Modified
2025-11-05T21:08:42.002199Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Jenkins Eggplant Runner Plugin protection mechanism disabled
Details

Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value as part of applying a proxy configuration.

This disables a protection mechanism of the Java runtime addressing CVE-2016-5597.

As of publication of this advisory, there is no fix.

Database specific 
{
    "github_reviewed_at": "2025-10-29T22:00:33Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-1188"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2025-10-29T14:15:57Z"
}
References

Affected packages

Maven / io.jenkins.plugins:eggplant-runner

Package

Name
io.jenkins.plugins:eggplant-runner
View open source insights on deps.dev
Purl
pkg:maven/io.jenkins.plugins/eggplant-runner

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.0.1.301.v963cffe8ddb

Affected versions

0.*
0.0.1.17.v1579c75fa_144
0.0.1.22.v5e23a_10537ed
0.0.1.34.vb_8a_19b_008b_35
0.0.1.38.vdc88180eb_3f4
0.0.1.42.vc410c4e864e6
0.0.1.51.vdb_9cc3a_88828
0.0.1.57.v2b_a_a_c5a_e82db_
0.0.1.59.v14e07b_c80752
0.0.1.78.va_45a_c4d43557
0.0.1.80.vf3e498a_e2995
0.0.1.85.vfb_43a_f521988
0.0.1.104.v6a_2d3791d289
0.0.1.108.v32f1564b_19d0
0.0.1.159.v8ed1d9f67f00
0.0.1.185.v9617008ee458
0.0.1.189.v1e3397db_cee8
0.0.1.191.v72dea_07931b_6
0.0.1.226.v1a_ff67035775
0.0.1.247.va_7031a_586298
0.0.1.252.v8e47de80211e
0.0.1.255.vd38258d75ca_6
0.0.1.259.va_548428d4b_79
0.0.1.261.v52442e5f8514
0.0.1.265.v56273b_eece56
0.0.1.270.vcb_9192a_2c004
0.0.1.272.vb_d9081425367
0.0.1.274.ve12295250d73
0.0.1.278.ve95892534fd1
0.0.1.279.vd472e8e0965d
0.0.1.280.vfc393dfee9f1
0.0.1.284.va_b_a_6107c0515
0.0.1.285.v30ff1ea_cd533
0.0.1.300.v6280c46cd670

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-w5r3-gr8w-7fj5/GHSA-w5r3-gr8w-7fj5.json"