Path Validation Vulnerability in Jenkins Redpen - Pipeline Reporter for Jira Plugin
CVE-2025-67643

4.3MEDIUM

Key Information:

Vendor

Jenkins
Status
Jenkins Redpen - Pipeline Reporter For Jira Plugin
Vendor
CVE Published:
10 December 2025

What is CVE-2025-67643?

The Jenkins Redpen - Pipeline Reporter for Jira Plugin fails to adequately validate paths during artifact uploads. This vulnerability allows attackers with certain permissions to manipulate workspace directory access, potentially leading to unauthorized file retrieval from the Jenkins controller workspace. This flaw emphasizes the importance of rigorous path validation to ensure security in plugin operations.

Affected Version(s)

Jenkins Redpen - Pipeline Reporter for Jira Plugin 0 <= 1.054.v7b_9517b_6b_202

References

https://www.jenkins.io/security/advisory/2025-12-10/#SECU...
vendor-advisory

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-67643 : Path Validation Vulnerability in Jenkins Redpen - Pipeline Reporter for Jira Plugin