logo

Database

Lack of data validation - Path Traversal In org.jenkinsci.plugins:pipeline-reporter-by-redpen

Description

Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspace directory.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2025-676432. NVD-2025-676433. OSV-2025-676434. GCVE-2025-67643

References

1. https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3290

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.