Vulnerabilities

CVE-2025-67643

by Fred · 10/12/2025

Jenkins Redpen – Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspace directory.

More information : https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3290

Similar

Tags: Cybersecurity Alert