4.2
/ 10
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Description
A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Basic Information
ID
CVE-2025-58460
Source
jenkins
Published
Sep 3, 2025 at 15:02
Modified
Sep 3, 2025 at 15:56
Affected Product
Vendor
Jenkins Project
Product
Jenkins OpenTelemetry Plugin
Affected Versions
Jenkins Project Jenkins OpenTelemetry Plugin 0