CVE-2025-67640
- Source
- https://cve.org/CVERecord?id=CVE-2025-67640
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67640.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-67640
- Aliases
- Published
- 2025-12-10T17:15:56.517Z
- Modified
- 2026-03-13T03:42:12.957426Z
- Severity
-
- 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands.
- References
Affected packages
Git / github.com/jenkinsci/git-client-plugin
Affected versions
git-client-1.*
git-client-1.0.0
git-client-1.0.1
git-client-1.0.2
git-client-1.0.3
git-client-1.0.4
git-client-1.0.5
git-client-1.0.6
git-client-1.0.7
git-client-1.1
git-client-1.1.1
git-client-1.1.2
git-client-1.10.0
git-client-1.10.1
git-client-1.10.2
git-client-1.11.0
git-client-1.11.1
git-client-1.12.0
git-client-1.13.0
git-client-1.14.0
git-client-1.14.1
git-client-1.15.0
git-client-1.16.0
git-client-1.16.1
git-client-1.17.0
git-client-1.18.0
git-client-1.19.0
git-client-1.19.1
git-client-1.19.2
git-client-1.19.3
git-client-1.19.4
git-client-1.19.5
git-client-1.19.6
git-client-1.19.7
git-client-1.2.0
git-client-1.20.0
git-client-1.20.0-beta2
git-client-1.20.0-beta3
git-client-1.20.1
git-client-1.20.2
git-client-1.21.0
git-client-1.3.0
git-client-1.4.0
git-client-1.4.1
git-client-1.4.2
git-client-1.4.3
git-client-1.4.4
git-client-1.4.5
git-client-1.4.6
git-client-1.5.0
git-client-1.5.1
git-client-1.6.0
git-client-1.6.1
git-client-1.6.2
git-client-1.6.3
git-client-1.6.4
git-client-1.6.5
git-client-1.6.6
git-client-1.7.0
git-client-1.8.0
git-client-1.8.1
git-client-1.9.0
git-client-1.9.1
git-client-1.9.2
git-client-2.*
git-client-2.0.0
git-client-2.0.0-beta1
git-client-2.0.0-beta2
git-client-2.0.0-beta3
git-client-2.0.0-beta4
git-client-2.1.0
git-client-2.2.0
git-client-2.2.1
git-client-2.3.0
git-client-2.4.0
git-client-2.4.1
git-client-2.4.2
git-client-2.4.3
git-client-2.4.4
git-client-2.4.5
git-client-2.4.6
git-client-2.5.0
git-client-2.6.0
git-client-2.7.0
git-client-2.7.1
git-client-2.7.2
git-client-2.7.3
git-client-2.7.4
git-client-2.7.5
git-client-2.7.6
git-client-2.7.7
git-client-2.8.0
git-client-2.8.1
git-client-2.8.2
git-client-2.8.3
git-client-2.8.4
git-client-2.8.5
git-client-2.8.6
git-client-2.9.0
git-client-3.*
git-client-3.0.0
git-client-3.0.0-beta1
git-client-3.0.0-beta10
git-client-3.0.0-beta11
git-client-3.0.0-beta12
git-client-3.0.0-beta2
git-client-3.0.0-beta3
git-client-3.0.0-beta4
git-client-3.0.0-beta5
git-client-3.0.0-beta7
git-client-3.0.0-beta8
git-client-3.0.0-beta9
git-client-3.0.0-rc
git-client-3.1.0
git-client-3.1.0-beta
git-client-3.1.1
git-client-3.10.0
git-client-3.10.1
git-client-3.11.0
git-client-3.11.1
git-client-3.11.2
git-client-3.12.0
git-client-3.12.1
git-client-3.13.0
git-client-3.13.1
git-client-3.2.0
git-client-3.2.1
git-client-3.3.0
git-client-3.3.1
git-client-3.3.2
git-client-3.4.0
git-client-3.4.1
git-client-3.4.2
git-client-3.5.0
git-client-3.5.1
git-client-3.6.0
git-client-3.7.0
git-client-3.7.1
git-client-3.7.2
git-client-3.8.0
git-client-3.9.0
git-client-4.*
git-client-4.0.0
git-client-4.1.0
git-client-4.2.0
git-client-4.3.0
git-client-4.4.0
git-client-4.5.0
git-client-4.6.0
git-client-4.7.0
git-client-5.*
git-client-5.0.0
git-client-6.*
git-client-6.0.0
git-client-6.1.0
git-client-6.1.1
git-client-6.1.2
git-client-6.1.3
git-client-6.2.0
git-client-6.3.0
git-client-6.3.1
git-client-6.3.2
git-client-6.3.3
git-client-6.4.0