CVE-2025-58459

Summary

Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins global-build-stats Plugin0 <= 322.v22f4db_18e2ddaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References