CVE-2025-64137
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-29
Last updated on: 2025-11-04
Assigner: Jenkins Project
Description
Description
A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jenkins | themis | to 1.4.1 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing permission check in the Jenkins Themis Plugin version 1.4.1 and earlier. It allows attackers who have Overall/Read permission to connect to an HTTP server specified by the attacker.
How can this vulnerability impact me? :
An attacker with Overall/Read permission could exploit this vulnerability to make the Jenkins server connect to an attacker-controlled HTTP server, potentially leading to information leakage or other indirect impacts. However, it does not allow direct code execution or data modification.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70