← voltar
CVE-2025-24400

CVE-2025-24400

CVSS 4.3 MEDIUMEPSS 0.3%CWE-863
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
22 jan 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with the legitimate credentials.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N