Input Validation Flaw in Jenkins Git Parameter Plugin
CVE-2025-53652

8.2 HIGH

Key Information:

Vendor: Jenkins

CVE Published: 9 July 2025

What is CVE-2025-53652?

The Jenkins Git Parameter Plugin has an input validation flaw that permits users with Item/Build permission to misuse Git parameters. When submitting a build, the plugin does not ensure that the Git parameter value provided matches one of the predefined options, enabling attackers to potentially inject arbitrary values. This could lead to unintended and unauthorized behavior in the build process, highlighting the need for stringent validation controls in plugin implementations.

Affected Version(s)

Jenkins Git Parameter Plugin 0 <= 439.vb_0e46ca_14534

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
