CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-47884

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a trusted job, potentially gaining unauthorized access to external services.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 48.0%

CVSS Severity

CVSS v3 Score 9.1

References

https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3574

Products affected by CVE-2025-47884

Jenkins » Openid Connect Provider » Version: 96.vee8ed882ec4d

cpe:2.3:a:jenkins:openid_connect_provider:96.vee8ed882ec4d

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-47884

Products

Pricing

Contact Us