CNNVD-202512-1953 Information
CNNVD ID
CNNVD-202512-1953
Related CVE
-
CNNVD Published: 2025-12-10
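Description (translated from Chinese)
Jenkins Redpen - Pipeline Reporter for Jira Plugin is an open-source plugin for Jenkins. Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier contain a security vulnerability that stems from the workspace directory path not being properly validated, which may allow files on the Jenkins controller to be retrieved.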
Description (English)
Jenkins Redpen - Pipeline Reporter for Jira Plugin is an open-source plugin for Jenkins. Versions 1.054.v7b_9517b_6b_202 and earlier contain a security vulnerability caused by improper validation of the workspace directory path, which may allow files on the Jenkins controller to be retrieved.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Jenkins
Published
2025-12-10
Last Modified
2026-02-24
References
https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3290
https://vigilance.fr/vulnerability/Jenkins-Plugins-multiple-vulnerabilities-dated-10-12-2025-49059
Patch
https://plugins.jenkins.io/pipeline-reporter-by-redpen/