CVE-2025-47887
published 2025-05-14CVE-2025-47887: Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | cadence_vmanager | <= 4.0.1-286.v9e25a_740b_a_48 | — |
| jenkins | cadence_vmanager_plugin | — | — |
| jenkins | dingtalk_plugin | — | — |
| jenkins | environment_injector_plugin | — | — |
| jenkins | health_advisor_by_cloudbees_plugin | — | — |
| jenkins | matrix_authorization_strategy_plugin | — | — |
| jenkins | openid_connect_provider_plugin | — | — |
| jenkins | role-based_authorization_strategy_plugin | — | — |
| jenkins | wso2_oauth_plugin | — | — |
| jenkins_project | jenkins_cadence_vmanager_plugin | <= 4.0.1-286.v9e25a_740b_a_48 | — |