Insufficient Permission Checks in Jenkins Plugin Affecting REST API Access
CVE-2025-58459

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Global-build-stats Plugin
Vendor: CVE Published:; 3 September 2025

What is CVE-2025-58459?

The Jenkins global-build-stats Plugin up to version 322.v22f4db_18e2dd contains a vulnerability due to a lack of permission checks in its REST API endpoints. This oversight allows users with Overall/Read permission to enumerate graph IDs, potentially exposing sensitive project information. It is crucial for Jenkins users to review their plugin versions and apply the latest updates to mitigate any security risks.

Affected Version(s)

Jenkins global-build-stats Plugin 0 <= 322.v22f4db_18e2dd

References

https://www.jenkins.io/security/advisory/2025-09-03/#SECU...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2025
Vulnerability Reserved
Sep 2, 2025