CVE-2025-58458

EUVD-2025-26516
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
jenkinsgit_client
𝑥
≤ 6.1.3
jenkinsgit_client
6.3.0 ≤
𝑥
≤ 6.3.2
jenkinsgit_client
6.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590
http://www.openwall.com/lists/oss-security/2025/09/03/4