CVE-2025-64142 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specifi…
Medium CVSS: 4.3

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
Vendor
Jenkins
Product
Nexus Task Runner
CWE
CWE-862
Yayın Tarihi
2025-10-29 14:15:58
Güncelleme
2025-11-04 22:16:40
Source Identifier
jenkinsci-cert@googlegroups.com
KEV Date Added
-

Kategoriler

CWE-862 Nexus Task Runner MEDIUM Jenkins 2025

Referanslar

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3550 http://www.openwall.com/lists/oss-security/2025/10/29/2