CVE-2025-58459 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-58459

CVE-2025-58459

September 03, 2025

Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs.

Affected Packages

https://github.com/jenkinsci/global-build-stats-plugin.git (GITHUB):

Affected version(s) >=244.v27c8a_2e50a_34 <347.v32a_eb_0493c4f

Fix Suggestion:

Update to version 347.v32a_eb_0493c4f

org.jenkins-ci.plugins:global-build-stats (JAVA):

Affected version(s) >=1.1 <347.v32a_eb_0493c4f

Fix Suggestion:

Update to version 347.v32a_eb_0493c4f

Related Resources (5)

http://www.openwall.com/lists/oss-security/2025/09/03/4

https://nvd.nist.gov/vuln/detail/CVE-2025-58459

https://github.com/jenkinsci/global-build-stats-plugin/commit/32aeb0493c4ff5423448576f477ac612f7a25138

https://github.com/jenkinsci/global-build-stats-plugin

https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3535

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Improper Access Control

CWE-284

EPSS

Base Score:

0.05

Products

Solutions

Resources

Company

Compare

Developer Tools