CVE-2025-58458
📋 TL;DR
This vulnerability in the Jenkins Git client Plugin allows attackers with Overall/Read permission to determine whether specific file paths exist on the Jenkins controller file system. The check is reachable by using the amazon-s3 protocol with JGit, so an attacker can probe for files and learn about the controller's directory structure. It affects Jenkins installations running vulnerable versions of the Git client Plugin.
💻 Affected Systems
- Jenkins Git client Plugin
📦 What is this software?
Git Client by Jenkins
⚠️ Risk & Real-World Impact
Worst Case
Attackers could map the entire file system structure, identify sensitive configuration files, and use this information for further attacks such as credential theft or privilege escalation.
Likely Case
Attackers with basic read permissions can discover file paths and directory structures, potentially revealing configuration files, credentials, or other sensitive information stored on the controller.
If Mitigated
With proper access controls and network segmentation, attackers would only be able to confirm file existence but not read file contents, limiting the impact to information disclosure about file paths.
🎯 Exploit Status
Exploitation requires an attacker to have Overall/Read permission and to know how the amazon-s3 protocol is used with JGit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.3.3 or later
Vendor Advisory: https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3590
Restart Required: No
Instructions:
1. Navigate to Jenkins Manage Jenkins > Manage Plugins.
2. Go to Available tab.
3. Search for 'Git client Plugin'.
4. Install version 6.3.3 or later.
5. No restart required.
🔧 Temporary Workarounds
Restrict Overall/Read permissions
Limit Overall/Read permissions to trusted users only, so that unauthorized users cannot reach the vulnerable code path.
Disable amazon-s3 protocol
Prevent usage of the amazon-s3 protocol with JGit if it is not required for your workflow.
🧯 If You Can't Patch
- Implement strict access controls to limit Overall/Read permissions to essential personnel only.
- Monitor Jenkins logs for unusual Git URL validation attempts using amazon-s3 protocol.
🔍 How to Verify
Check if Vulnerable:
Check the Jenkins plugin manager for the Git client Plugin version. If the version is 6.3.2 or earlier (excluding 6.1.4 and 6.2.1), the installation is vulnerable.
Check Version:
Navigate to Manage Jenkins > Manage Plugins > Installed tab and check Git client Plugin version.
Verify Fix Applied:
Verify Git client Plugin version is 6.3.3 or later in Jenkins plugin manager.
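The version rule above has an edge case that is easy to get wrong by hand: two releases older than 6.3.3 (6.1.4 and 6.2.1) are excluded from the vulnerable range. The following is an added example (not code from the advisory or from the Jenkins project) that encodes that rule and applies it to the plugin list the Jenkins plugin manager API returns. The `git-client` short name and the `{"plugins": [{"shortName", "version"}]}` shape of that JSON are assumptions; the sample response is constructed.

```python
# Added example (not from the advisory or the Jenkins project): classify a
# Git client Plugin version against the range the advisory gives as vulnerable,
# i.e. 6.3.2 or earlier, excluding 6.1.4 and 6.2.1.
import re
from typing import Any, Dict, List, Tuple

FIXED_VERSION: Tuple[int, ...] = (6, 3, 3)      # first fixed mainline release
EXCLUDED_VERSIONS = {(6, 1, 4), (6, 2, 1)}      # older releases the advisory excludes
PLUGIN_SHORT_NAME = "git-client"                # assumed plugin id in the plugin manager


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn the leading dotted-numeric part of a version ('6.3.2', '6.3.2-rc1')
    into a tuple, padded to three components so that '6.3' compares like '6.3.0'."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def is_vulnerable(version: str) -> bool:
    """True when the version is 6.3.2 or earlier and not one of the excluded releases."""
    parsed = parse_version(version)
    if parsed[:3] in EXCLUDED_VERSIONS:
        return False
    return parsed < FIXED_VERSION


def assess_plugin_manager(data: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Walk plugin-manager JSON (assumed shape: {"plugins": [{"shortName": ...,
    "version": ...}, ...]}) and report each Git client Plugin entry with a verdict."""
    findings = []
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") != PLUGIN_SHORT_NAME:
            continue
        version = str(plugin.get("version", ""))
        vulnerable = is_vulnerable(version)
        findings.append({
            "version": version,
            "vulnerable": vulnerable,
            "recommendation": "upgrade to 6.3.3 or later" if vulnerable else "no action needed",
        })
    return findings


# Constructed sample, shaped like a response from /pluginManager/api/json?depth=1.
SAMPLE_PLUGIN_MANAGER = {
    "plugins": [
        {"shortName": "git", "version": "5.7.0"},
        {"shortName": "git-client", "version": "6.3.2"},
    ]
}

if __name__ == "__main__":
    for finding in assess_plugin_manager(SAMPLE_PLUGIN_MANAGER):
        print(finding)
```

Feed `assess_plugin_manager` the parsed JSON from your own controller's plugin manager endpoint; the version comparison is tuple-based so that `6.10.0` sorts after `6.3.3` rather than alphabetically before it.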
📡 Detection & Monitoring
Log Indicators:
- Unusual Git URL validation requests using amazon-s3 protocol
- Multiple failed file path checks from a single user
Network Indicators:
- Repeated HTTP POST requests to Git URL validation endpoints
SIEM Query:
source="jenkins.log" AND "amazon-s3" AND "Git URL" AND validation
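The indicators above combine a string match ("amazon-s3" in a Git URL validation event) with a frequency signal (many checks from one user). The following is an added example, not code from the advisory, that implements both over a constructed log sample: it extracts validation events, keeps only those with an amazon-s3 URL, and flags any user who performs at least `threshold` of them inside a `window`. The line format (`<ISO-8601 UTC timestamp> <user> Git URL validation: <url>`) is an assumption; adjust `LINE_RE` to whatever your logging or proxy layer actually emits.

```python
# Added example (not from the advisory): scan log lines for repeated Git URL
# validation attempts that use the amazon-s3 protocol and flag users who make
# several within a short window. The line format is an assumption.
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterator, Tuple

# Assumed format: "<ISO-8601 UTC timestamp> <user> Git URL validation: <url>"
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+Git URL validation:\s+(?P<url>\S+)")
PROBE_SCHEME = "amazon-s3://"

# Constructed sample log (not real Jenkins output): one normal validation by alice,
# three amazon-s3 validations by bob inside two minutes, one by carol, and an
# unrelated line the parser must skip.
SAMPLE_LOG = """\
2025-09-04T10:00:01Z alice Git URL validation: https://git.example.test/team/app.git
2025-09-04T10:00:05Z bob Git URL validation: amazon-s3://bucket-a/path/one
2025-09-04T10:00:07Z INFO Started build #42 for job example
2025-09-04T10:01:10Z bob Git URL validation: amazon-s3://bucket-a/path/two
2025-09-04T10:01:55Z carol Git URL validation: amazon-s3://bucket-b/release/notes
2025-09-04T10:02:03Z bob Git URL validation: amazon-s3://bucket-a/path/three
2025-09-04T10:02:30Z bob Git URL validation: https://git.example.test/team/lib.git
"""


def parse_events(text: str) -> Iterator[Tuple[datetime, str, str]]:
    """Yield (timestamp, user, url) for every line that matches LINE_RE."""
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        ts = datetime.strptime(match.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, match.group("user"), match.group("url")


def find_probing_users(text: str, threshold: int = 3,
                       window: timedelta = timedelta(minutes=5)) -> Dict[str, int]:
    """Return {user: total amazon-s3 validations} for every user with at least
    `threshold` such validations inside some span no longer than `window`."""
    per_user = defaultdict(list)
    for ts, user, url in parse_events(text):
        if url.lower().startswith(PROBE_SCHEME):
            per_user[user].append(ts)
    flagged = {}
    for user, times in per_user.items():
        times.sort()
        # Sliding window over the sorted timestamps: any `threshold` consecutive
        # events whose first and last lie within `window` trigger the alert.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[user] = len(times)
                break
    return flagged


if __name__ == "__main__":
    print(find_probing_users(SAMPLE_LOG))  # {'bob': 3}
```

A single amazon-s3 validation (carol in the sample) is not flagged on its own, since a legitimate workflow may use the protocol; the threshold and window are the tuning knobs, and the SIEM query above is the equivalent string-match half of this logic.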