Vulnerability Details CVE-2025-58460
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.3%
CVSS Severity
CVSS v3 Score 4.2
Products affected by CVE-2025-58460
-
cpe:2.3:a:jenkins:opentelemetry:0.1
-
cpe:2.3:a:jenkins:opentelemetry:0.10
-
cpe:2.3:a:jenkins:opentelemetry:0.11
-
cpe:2.3:a:jenkins:opentelemetry:0.12
-
cpe:2.3:a:jenkins:opentelemetry:0.13
-
cpe:2.3:a:jenkins:opentelemetry:0.14
-
cpe:2.3:a:jenkins:opentelemetry:0.15
-
cpe:2.3:a:jenkins:opentelemetry:0.16
-
cpe:2.3:a:jenkins:opentelemetry:0.17
-
cpe:2.3:a:jenkins:opentelemetry:0.18
-
cpe:2.3:a:jenkins:opentelemetry:0.19
-
cpe:2.3:a:jenkins:opentelemetry:0.2
-
cpe:2.3:a:jenkins:opentelemetry:0.20
-
cpe:2.3:a:jenkins:opentelemetry:0.21
-
cpe:2.3:a:jenkins:opentelemetry:0.22
-
cpe:2.3:a:jenkins:opentelemetry:0.3
-
cpe:2.3:a:jenkins:opentelemetry:0.4
-
cpe:2.3:a:jenkins:opentelemetry:0.5
-
cpe:2.3:a:jenkins:opentelemetry:0.6
-
cpe:2.3:a:jenkins:opentelemetry:0.7
-
cpe:2.3:a:jenkins:opentelemetry:0.8
-
cpe:2.3:a:jenkins:opentelemetry:0.9
-
cpe:2.3:a:jenkins:opentelemetry:1.0.0
-
cpe:2.3:a:jenkins:opentelemetry:1.0.1
-
cpe:2.3:a:jenkins:opentelemetry:1.1.0
-
cpe:2.3:a:jenkins:opentelemetry:1.1.1
-
cpe:2.3:a:jenkins:opentelemetry:1.2.0
-
cpe:2.3:a:jenkins:opentelemetry:1.2.1
-
cpe:2.3:a:jenkins:opentelemetry:2.0.0
-
cpe:2.3:a:jenkins:opentelemetry:2.0.1
-
cpe:2.3:a:jenkins:opentelemetry:2.1.0
-
cpe:2.3:a:jenkins:opentelemetry:2.1.1
-
cpe:2.3:a:jenkins:opentelemetry:2.10.0
-
cpe:2.3:a:jenkins:opentelemetry:2.10.1
-
cpe:2.3:a:jenkins:opentelemetry:2.11.0
-
cpe:2.3:a:jenkins:opentelemetry:2.12.0
-
cpe:2.3:a:jenkins:opentelemetry:2.13.0
-
cpe:2.3:a:jenkins:opentelemetry:2.14.0
-
cpe:2.3:a:jenkins:opentelemetry:2.15.0
-
cpe:2.3:a:jenkins:opentelemetry:2.16.0
-
cpe:2.3:a:jenkins:opentelemetry:2.17.0
-
cpe:2.3:a:jenkins:opentelemetry:2.18.0
-
cpe:2.3:a:jenkins:opentelemetry:2.19.0
-
cpe:2.3:a:jenkins:opentelemetry:2.2.0
-
cpe:2.3:a:jenkins:opentelemetry:2.2.1
-
cpe:2.3:a:jenkins:opentelemetry:2.2.2
-
cpe:2.3:a:jenkins:opentelemetry:2.3.0
-
cpe:2.3:a:jenkins:opentelemetry:2.4.0
-
cpe:2.3:a:jenkins:opentelemetry:2.5.0
-
cpe:2.3:a:jenkins:opentelemetry:2.5.1
-
cpe:2.3:a:jenkins:opentelemetry:2.6.0
-
cpe:2.3:a:jenkins:opentelemetry:2.7.0
-
cpe:2.3:a:jenkins:opentelemetry:2.7.1
-
cpe:2.3:a:jenkins:opentelemetry:2.8.0
-
cpe:2.3:a:jenkins:opentelemetry:2.9.0
-
cpe:2.3:a:jenkins:opentelemetry:2.9.1
-
cpe:2.3:a:jenkins:opentelemetry:2.9.2
-
cpe:2.3:a:jenkins:opentelemetry:3.1086.v955c8a_c4d90a_
-
cpe:2.3:a:jenkins:opentelemetry:3.1092.va_2a_c52b_dd182
-
cpe:2.3:a:jenkins:opentelemetry:3.1111.vc2733c03b_db_1
-
cpe:2.3:a:jenkins:opentelemetry:3.1135.vdcdb_17548474
-
cpe:2.3:a:jenkins:opentelemetry:3.1138.v80fc844ed246
-
cpe:2.3:a:jenkins:opentelemetry:3.1205.v862c5d236ecc
-
cpe:2.3:a:jenkins:opentelemetry:3.1209.v1d64463d3d6c
-
cpe:2.3:a:jenkins:opentelemetry:3.1215.vc9db_a_0b_34c2a_
-
cpe:2.3:a:jenkins:opentelemetry:3.1261.v46101e2a_3660
-
cpe:2.3:a:jenkins:opentelemetry:3.1270.v35d71e4855f1
-
cpe:2.3:a:jenkins:opentelemetry:3.1293.vb_c48573e17a_4
-
cpe:2.3:a:jenkins:opentelemetry:3.1298.vb_3b_a_5d878dda_
-
cpe:2.3:a:jenkins:opentelemetry:3.1310.vfe6b_821a_4ed2
-
cpe:2.3:a:jenkins:opentelemetry:3.1314.vb_3104190d2da_
-
cpe:2.3:a:jenkins:opentelemetry:3.1320.v2eededb_d909e
-
cpe:2.3:a:jenkins:opentelemetry:3.1368.vb_f1dcb_e6595c
-
cpe:2.3:a:jenkins:opentelemetry:3.1383.v32c9f94458e3
-
cpe:2.3:a:jenkins:opentelemetry:3.1391.vcb_a_a_b_9779d75
-
cpe:2.3:a:jenkins:opentelemetry:3.1419.v3b_27ca_911066
-
cpe:2.3:a:jenkins:opentelemetry:3.1423.v0d1a_2fcd2429
-
cpe:2.3:a:jenkins:opentelemetry:3.1464.va_85780e90d4c
-
cpe:2.3:a:jenkins:opentelemetry:3.1475.v21037899cf33
-
cpe:2.3:a:jenkins:opentelemetry:3.1480.v23e541c0fcb_4
-
cpe:2.3:a:jenkins:opentelemetry:3.1487.vf27fcf83deb_b_
-
cpe:2.3:a:jenkins:opentelemetry:3.1490.vfd3786616d1d
-
cpe:2.3:a:jenkins:opentelemetry:3.1494.v1d249433404c
-
cpe:2.3:a:jenkins:opentelemetry:3.1495.v64dcff5b_7a_6c
-
cpe:2.3:a:jenkins:opentelemetry:3.1503.v0696f14605b_b_
-
cpe:2.3:a:jenkins:opentelemetry:3.1505.v69c4d7c9ee62
-
cpe:2.3:a:jenkins:opentelemetry:3.1513.va_7b_d9d2324e5
-
cpe:2.3:a:jenkins:opentelemetry:3.1515.v1b_2d6b_526498
-
cpe:2.3:a:jenkins:opentelemetry:3.1520.vd981c197a_43f
-
cpe:2.3:a:jenkins:opentelemetry:3.1523.v0b_3ce640987d
-
cpe:2.3:a:jenkins:opentelemetry:3.1525.v604f3b_1a_e07b_