CNNVD-202510-4006 Information

CNNVD ID

CNNVD-202510-4006

CVE-2025-64140

  • CNNVD Published: 2025-10-29

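Description (translated from Chinese)

Jenkins Azure CLI Plugin is an open-source command-line plugin from Jenkins. Jenkins Azure CLI Plugin 0.9 and earlier contain a security vulnerability that stems from not restricting the commands that can be executed on the Jenkins controller, which may allow attackers with Item/Configure permission to execute arbitrary shell commands.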

Description (English)

Jenkins Azure CLI Plugin is an open-source command-line plugin for Jenkins. Jenkins Azure CLI Plugin 0.9 and earlier versions have a security vulnerability that stems from not restricting which commands can be executed on the Jenkins controller, which could allow an attacker with Item/Configure permission to execute arbitrary shell commands.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Jenkins

Published

2025-10-29

Last Modified

2026-02-24

References

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3538

https://access.redhat.com/security/cve/cve-2025-64140

Patch

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3538
