logo

Database

Sensitive information in source code In org.jenkins-ci.plugins:git-client

Description

Jenkins Git client Plugin file system information disclosure vulnerability In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-584582. NVD-2025-584583. OSV-2025-584584. GCVE-2025-58458

References

1. https://github.com/jenkinsci/git-client-plugin/commit/20090a86c3ebc72e5283c882de73e3a4459137bb2. https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-35903. http://www.openwall.com/lists/oss-security/2025/09/03/4

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.