VYPR
Moderate severityGHSA Advisory· Published Dec 10, 2025· Updated Dec 10, 2025

CVE-2025-67643

CVE-2025-67643

Description

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspace directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkinsci.plugins:pipeline-reporter-by-redpenMaven
<= 1.054

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

1