Home

Description

Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.

PUBLISHED Reserved 2025-07-08 | Published 2025-07-09 | Updated 2025-11-04 | Assigner jenkins

Product status

Default status
unaffected

Any version
affected

References

www.openwall.com/lists/oss-security/2025/07/09/4

www.jenkins.io/security/advisory/2025-07-09/ (Jenkins Security Advisory 2025-07-09) vendor-advisory

cve.org (CVE-2025-53652)

nvd.nist.gov (CVE-2025-53652)

Download JSON