Vulnerability Details CVE-2025-58458
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.0%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2025-58458
-
cpe:2.3:a:jenkins:git_client:1.0.2
-
cpe:2.3:a:jenkins:git_client:1.0.3
-
cpe:2.3:a:jenkins:git_client:1.0.5
-
cpe:2.3:a:jenkins:git_client:1.0.6
-
cpe:2.3:a:jenkins:git_client:1.0.7
-
cpe:2.3:a:jenkins:git_client:1.1
-
cpe:2.3:a:jenkins:git_client:1.1.1
-
cpe:2.3:a:jenkins:git_client:1.1.2
-
cpe:2.3:a:jenkins:git_client:1.10.0
-
cpe:2.3:a:jenkins:git_client:1.10.1
-
cpe:2.3:a:jenkins:git_client:1.10.2
-
cpe:2.3:a:jenkins:git_client:1.11.0
-
cpe:2.3:a:jenkins:git_client:1.11.1
-
cpe:2.3:a:jenkins:git_client:1.12.0
-
cpe:2.3:a:jenkins:git_client:1.13.0
-
cpe:2.3:a:jenkins:git_client:1.14.0
-
cpe:2.3:a:jenkins:git_client:1.14.1
-
cpe:2.3:a:jenkins:git_client:1.15.0
-
cpe:2.3:a:jenkins:git_client:1.16.1
-
cpe:2.3:a:jenkins:git_client:1.17.0
-
cpe:2.3:a:jenkins:git_client:1.17.1
-
cpe:2.3:a:jenkins:git_client:1.18.0
-
cpe:2.3:a:jenkins:git_client:1.19.0
-
cpe:2.3:a:jenkins:git_client:1.19.1
-
cpe:2.3:a:jenkins:git_client:1.19.2
-
cpe:2.3:a:jenkins:git_client:1.19.3
-
cpe:2.3:a:jenkins:git_client:1.19.4
-
cpe:2.3:a:jenkins:git_client:1.19.5
-
cpe:2.3:a:jenkins:git_client:1.19.6
-
cpe:2.3:a:jenkins:git_client:1.19.7
-
cpe:2.3:a:jenkins:git_client:1.2.0
-
cpe:2.3:a:jenkins:git_client:1.20.0
-
cpe:2.3:a:jenkins:git_client:1.21.0
-
cpe:2.3:a:jenkins:git_client:1.3.0
-
cpe:2.3:a:jenkins:git_client:1.4.0
-
cpe:2.3:a:jenkins:git_client:1.4.2
-
cpe:2.3:a:jenkins:git_client:1.4.3
-
cpe:2.3:a:jenkins:git_client:1.4.4
-
cpe:2.3:a:jenkins:git_client:1.4.5
-
cpe:2.3:a:jenkins:git_client:1.4.6
-
cpe:2.3:a:jenkins:git_client:1.5
-
cpe:2.3:a:jenkins:git_client:1.6
-
cpe:2.3:a:jenkins:git_client:1.6.1
-
cpe:2.3:a:jenkins:git_client:1.6.2
-
cpe:2.3:a:jenkins:git_client:1.6.3
-
cpe:2.3:a:jenkins:git_client:1.6.4
-
cpe:2.3:a:jenkins:git_client:1.6.5
-
cpe:2.3:a:jenkins:git_client:1.6.6
-
cpe:2.3:a:jenkins:git_client:1.7.0
-
cpe:2.3:a:jenkins:git_client:1.8.0
-
cpe:2.3:a:jenkins:git_client:1.8.1
-
cpe:2.3:a:jenkins:git_client:1.9.0
-
cpe:2.3:a:jenkins:git_client:1.9.1
-
cpe:2.3:a:jenkins:git_client:2.0.0
-
cpe:2.3:a:jenkins:git_client:2.1.0
-
cpe:2.3:a:jenkins:git_client:2.2.0
-
cpe:2.3:a:jenkins:git_client:2.2.1
-
cpe:2.3:a:jenkins:git_client:2.3.0
-
cpe:2.3:a:jenkins:git_client:2.4.0
-
cpe:2.3:a:jenkins:git_client:2.4.1
-
cpe:2.3:a:jenkins:git_client:2.4.2
-
cpe:2.3:a:jenkins:git_client:2.4.4
-
cpe:2.3:a:jenkins:git_client:2.4.5
-
cpe:2.3:a:jenkins:git_client:2.4.6
-
cpe:2.3:a:jenkins:git_client:2.5.0
-
cpe:2.3:a:jenkins:git_client:2.7.0
-
cpe:2.3:a:jenkins:git_client:2.7.1
-
cpe:2.3:a:jenkins:git_client:2.7.2
-
cpe:2.3:a:jenkins:git_client:2.7.3
-
cpe:2.3:a:jenkins:git_client:2.7.4
-
cpe:2.3:a:jenkins:git_client:2.7.5
-
cpe:2.3:a:jenkins:git_client:2.7.6
-
cpe:2.3:a:jenkins:git_client:2.7.7
-
cpe:2.3:a:jenkins:git_client:2.8.4
-
cpe:2.3:a:jenkins:git_client:3.0.0
-
cpe:2.3:a:jenkins:git_client:3.11.0
-
cpe:2.3:a:jenkins:git_client:3.11.1
-
cpe:2.3:a:jenkins:git_client:3.11.2
-
cpe:2.3:a:jenkins:git_client:3.12.0
-
cpe:2.3:a:jenkins:git_client:3.12.1
-
cpe:2.3:a:jenkins:git_client:3.12.2
-
cpe:2.3:a:jenkins:git_client:3.12.4
-
cpe:2.3:a:jenkins:git_client:3.13.0
-
cpe:2.3:a:jenkins:git_client:3.13.1
-
cpe:2.3:a:jenkins:git_client:4.0.0
-
cpe:2.3:a:jenkins:git_client:4.1.0
-
cpe:2.3:a:jenkins:git_client:4.2.0
-
cpe:2.3:a:jenkins:git_client:4.3.0
-
cpe:2.3:a:jenkins:git_client:4.4.0
-
cpe:2.3:a:jenkins:git_client:4.5.0
-
cpe:2.3:a:jenkins:git_client:4.6.0
-
cpe:2.3:a:jenkins:git_client:4.7.0
-
cpe:2.3:a:jenkins:git_client:5.0.0
-
cpe:2.3:a:jenkins:git_client:5.0.1
-
cpe:2.3:a:jenkins:git_client:5.0.2
-
cpe:2.3:a:jenkins:git_client:5.0.3
-
cpe:2.3:a:jenkins:git_client:6.0.0
-
cpe:2.3:a:jenkins:git_client:6.1.0
-
cpe:2.3:a:jenkins:git_client:6.1.1
-
cpe:2.3:a:jenkins:git_client:6.1.2
-
cpe:2.3:a:jenkins:git_client:6.1.3
-
cpe:2.3:a:jenkins:git_client:6.2.0
-
cpe:2.3:a:jenkins:git_client:6.3.0
-
cpe:2.3:a:jenkins:git_client:6.3.1
-
cpe:2.3:a:jenkins:git_client:6.3.2