CVE-2025-53652
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-09

Last updated on: 2025-11-04

Assigner: Jenkins Project

Description
Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-09
Last Modified
2025-11-04
Generated
2026-05-07
AI Q&A
2025-07-09
EPSS Evaluated
2026-05-05
NVD
CVE-2025-53652
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jenkins git_parameter to 444.vca_b_84d3703c2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Jenkins Git Parameter Plugin version 439.vb_0e46ca_14534 and earlier. It occurs because the plugin does not validate that the Git parameter value submitted to the build matches one of the predefined choices. As a result, attackers who have Item/Build permission can inject arbitrary values into Git parameters.


How can this vulnerability impact me? :

An attacker with Item/Build permission could exploit this vulnerability to inject arbitrary Git parameter values into a build. This could potentially lead to unauthorized code execution, manipulation of build processes, or other unintended behaviors within the Jenkins environment.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart