Git Client Plugin Vulnerability in Jenkins by Jenkins
CVE-2025-58458

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Git Client Plugin
Vendor: CVE Published:; 3 September 2025

What is CVE-2025-58458?

The Git Client Plugin for Jenkins, versions 6.3.2 and earlier, is susceptible to a security flaw that allows attackers with Overall/Read permissions to determine the existence of specified file paths on the Jenkins controller file system. This issue arises when utilizing the 'amazon-s3' protocol for JGit. The plugin's validation mechanisms return different responses depending on whether the specified path exists, potentially exposing sensitive file system information.

Affected Version(s)

Jenkins Git client Plugin 6.3.3

Jenkins Git client Plugin 6.1.4 < 6.1.*

References

https://www.jenkins.io/security/advisory/2025-09-03/#SECU...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2025
Vulnerability Reserved
Sep 2, 2025

JSON