CVE-2025-47884
CVE-2025-47884
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.1EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
14 mai 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a trusted job, potentially gaining unauthorized access to external services.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
Produtos afetados
Jenkins Project · Jenkins OpenID Connect Provider Plugin