CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspace directory.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.7%

CVSS Severity

CVSS v3 Score 4.3

References

https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3290

Products affected by CVE-2025-67643

Jenkins » Redpen - Pipeline Reporter For Jira » Version: Any

cpe:2.3:a:jenkins:redpen_-_pipeline_reporter_for_jira:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-67643

Products

Pricing

Contact Us