
Commit ae4f840

1 parent 6ed2700 commit ae4f840


1 file changed

+34
-5
lines changed


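--- a/advisories/unreviewed/2025/12/GHSA-fxp5-37mh-vff5/GHSA-fxp5-37mh-vff5.json
+++ b/advisories/github-reviewed/2025/12/GHSA-fxp5-37mh-vff5/GHSA-fxp5-37mh-vff5.json
@@ -1,24 +1,53 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-fxp5-37mh-vff5",
-"modified": "2025-12-03T09:31:13Z",
+"modified": "2025-12-03T19:10:31Z",
 "published": "2025-12-03T09:31:13Z",
 "aliases": [
 "CVE-2025-13472"
 ],
+"summary": "BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources",
 "details": "A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.",
 "severity": [
 {
 "type": "CVSS_V4",
-"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "Maven",
+"name": "com.blazemeter.plugins:BlazeMeterJenkinsPlugin"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "4.27"
+}
+]
+}
+]
 }
 ],
-"affected": [],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13472"
 },
+{
+"type": "WEB",
+"url": "https://github.com/jenkinsci/blazemeter-plugin/commit/9fe5ed70f063c18fd6b64bb4db3cbdb612f653d4"
+},
+{
+"type": "PACKAGE",
+"url": "https://github.com/jenkinsci/blazemeter-plugin"
+},
 {
 "type": "WEB",
 "url": "https://portal.perforce.com/s/cve/a91Qi000002bFgTIAU/missing-authorization-in-blazemeter-jenkins-plugin"
@@ -29,8 +58,8 @@
 "CWE-862"
 ],
 "severity": "MODERATE",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"github_reviewed": true,
+"github_reviewed_at": "2025-12-03T19:10:31Z",
 "nvd_published_at": "2025-12-03T09:15:47Z"
 }
 }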
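Review bot: The reviewed record keeps `PR:L` in the `CVSS_V4` score while the unchanged `details` text still says "anyone could see this list", so the two fields disagree about whether an authenticated account is needed. This commit is the review pass that trims the vector and adds `summary` and `affected`, so it is the natural place to settle that. Either name the minimum permission in `details`, for example `Prior to this fix, any user with <required permission> could see this list`, or score it `PR:N` if unauthenticated users could reach the dropdown. The page does not show which is correct, so this needs confirming against the plugin commit listed in `references`. Consumers who triage on the vector alone could otherwise misjudge how exposed the credential IDs were.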
