Jenkins plugins Multiple Vulnerabilities (2025-12-10)

Severity: Medium | Nessus Plugin ID 278130

Synopsis

An application running on the remote web server host is affected by multiple vulnerabilities.

Description

According to their self-reported version numbers, the Jenkins plugins running on the remote web server are affected by multiple vulnerabilities:

- Jenkins Coverage Plugin 2.3054.ve1ff7b_a_a_123b_ and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a `javascript:` scheme URL as identifier by configuring the job through the REST API, resulting in a stored cross-site scripting (XSS) vulnerability. (CVE-2025-67641)

- Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands. (CVE-2025-67640)

- A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views. (CVE-2025-67636)

- Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to. (CVE-2025-67642)

- A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow only users with certain permissions to see the list of available resources such as credential IDs, bzm workspaces and bzm project IDs. Prior to this fix, anyone could see this list as a dropdown in the Jenkins UI. (CVE-2025-13472)

- Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present in the Jenkins controller workspace directory. (CVE-2025-67643)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update Jenkins plugins to the following versions:
- BlazeMeter Plugin to version 4.27 or later
- Coverage Plugin to version 2.3056.v1dfe888b_0249 or later
- Git client Plugin to version 6.4.1 or later
- HashiCorp Vault Plugin: See vendor advisory
- Redpen - Pipeline Reporter for Jira Plugin: See vendor advisory

See vendor advisory for more details.

See Also

https://jenkins.io/security/advisory/2025-12-10

Plugin Details

Severity: Medium

ID: 278130

File Name: jenkins_security_advisory_2025-12-10_plugins.nasl

Version: 1.2

Type: combined

Agent: windows, macosx, unix

Family: CGI abuses

Published: 12/10/2025

Updated: 12/12/2025

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-67641

CVSS v3

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2025-67640

CVSS v4

Risk Factor: Medium

Base Score: 5.3

Threat Score: 1.3

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2025-13472

Vulnerability Information

CPE: cpe:/a:jenkins:jenkins, cpe:/a:cloudbees:jenkins

Required KB Items: installed_sw/Jenkins

Exploit Ease: No known exploits are available

Patch Publication Date: 12/10/2025

Vulnerability Publication Date: 12/3/2025

Reference Information

CVE: CVE-2025-13472, CVE-2025-67636, CVE-2025-67640, CVE-2025-67641, CVE-2025-67642, CVE-2025-67643

IAVA: 2025-A-0892