CNNVD-202510-4005 Information

CNNVD ID

CNNVD-202510-4005

Related CVE

CVE-2025-64141

• CNNVD Published: 2025-10-29

Description (Chinese)

Jenkins Nexus Task Runner Plugin是Jenkins开源的一款插件。 Jenkins Nexus Task Runner Plugin 0.9.2及之前版本存在安全漏洞，该漏洞源于容易受到跨站请求伪造攻击，可能导致连接到攻击者指定的URL并使用攻击者指定的凭据。

Description (English)

Jenkins Nexus Task Runner Plugin is an open-source plugin for Jenkins. Jenkins Nexus Task Runner Plugin 0.9.2 and earlier versions had a security loophole, which stemmed from the vulnerability of cross-site requests for false attacks, which could lead to connections to URLs designated by the attackers and to the use of evidence specified by the attackers.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Jenkins

Published

2025-10-29

Last Modified

2026-02-24

References

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3550 https://access.redhat.com/security/cve/cve-2025-64141

Patch

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3550