Input Validation Flaw in Jenkins Git Parameter Plugin
CVE-2025-53652
8.2 HIGH
What is CVE-2025-53652?
The Jenkins Git Parameter Plugin has an input validation flaw: when a build is submitted, the plugin does not check that the supplied Git parameter value matches one of the predefined options. Users with Item/Build permission can therefore inject arbitrary values into Git parameters, which could lead to unintended and unauthorized behavior in the build process. The flaw shows why plugin implementations need strict validation of submitted values.
Affected Version(s)
Jenkins Git Parameter Plugin: 0 through 439.vb_0e46ca_14534 (inclusive)
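To check an installation against the affected range above, the following added example (not code from Jenkins or the plugin) classifies Git Parameter Plugin versions found in a plugin inventory. It assumes the inventory uses `name:version` lines and that the plugin's short name is `git-parameter`; the sample inventory is constructed.

```python
PLUGIN_ID = "git-parameter"            # assumed plugin short name in the inventory
LAST_AFFECTED = "439.vb_0e46ca_14534"  # upper bound of the affected range on this page

# Constructed sample inventory, one "name:version" entry per line.
SAMPLE_INVENTORY = """\
# constructed example data
git:5.2.0
git-parameter:0.9.19
git-parameter:439.vb_0e46ca_14534
git-parameter:439.v000000000000
git-parameter:500.v000000000000
git-parameter
"""

def leading_numbers(version):
    """Numeric dot-components at the start of a version, e.g. '0.9.19' -> (0, 9, 19)."""
    nums = []
    for part in version.split("."):
        if not part.isdigit():
            break  # stop at the hash or qualifier part, e.g. 'vb_0e46ca_14534'
        nums.append(int(part))
    return tuple(nums)

def classify(version):
    """Return 'affected', 'not-in-range', or 'review' when ordering is unclear."""
    if version == LAST_AFFECTED:
        return "affected"
    have, bound = leading_numbers(version), leading_numbers(LAST_AFFECTED)
    if not have or have == bound:
        # Unpinned or unparseable version, or same release number with a
        # different hash: the order cannot be decided from the string alone.
        return "review"
    return "affected" if have < bound else "not-in-range"

def audit(inventory_text):
    """Return (version, verdict) for every Git Parameter Plugin entry."""
    findings = []
    for raw in inventory_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, _, rest = line.partition(":")
        if name.strip() == PLUGIN_ID:
            version = rest.split(":")[0].strip()  # ignore any trailing fields
            findings.append((version, classify(version)))
    return findings

if __name__ == "__main__":
    for version, verdict in audit(SAMPLE_INVENTORY):
        print(f"{PLUGIN_ID} {version or '(unpinned)'}: {verdict}")
```

Entries marked `review` need a manual look at the installed version in the Jenkins plugin manager.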