BlazeMeter Jenkins Plugin Missing Authorization Vulnerability

Vulnerability

A missing authorization vulnerability exists in BlazeMeter Jenkins Plugin versions prior to 4.27, allowing users without the necessary permissions to access a dropdown list of available resources in the Jenkins UI. This list included credential IDs, BlazeMeter workspaces, and project IDs. The issue has been addressed in version 4.27, which restricts access to users with specific permissions.

Impact

Exploitation of this vulnerability could lead to unauthorized users gaining access to sensitive resource information, such as credential IDs and project-related data, which could be misused in the Jenkins environment.

Remediation

Users can update to BlazeMeter Jenkins Plugin version 4.27 or later to address this vulnerability.
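To check which controllers still need the update, the installed plugin list can be compared against the fixed release. The following is an added example, not code from the advisory or from the plugin project. It assumes the plugin list was exported from Jenkins' /pluginManager/api/json?depth=1 endpoint and that the plugin's short name is BlazeMeterJenkinsPlugin (confirm this on your controller); the sample JSON is constructed.

```python
import json
import re

FIXED_VERSION = (4, 27)  # first fixed release, per the advisory
# Assumption: the plugin's Jenkins short name; verify on your controller.
PLUGIN_SHORT_NAME = "BlazeMeterJenkinsPlugin"

def parse_version(text):
    """Turn '4.26' or '4.27.1-SNAPSHOT' into a tuple of ints."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)

def is_affected(version_text):
    """True when the version is older than the fix, or cannot be parsed."""
    version = parse_version(version_text)
    if not version:
        return True  # unknown format: flag for manual review
    # Tuple comparison is numeric, so 4.9 sorts before 4.27.
    return version < FIXED_VERSION

def audit_plugins(plugin_manager_json, short_name=PLUGIN_SHORT_NAME):
    """Return (shortName, version, enabled) for each affected install."""
    data = json.loads(plugin_manager_json)
    findings = []
    for plugin in data.get("plugins", []):
        if plugin.get("shortName", "").lower() != short_name.lower():
            continue
        version = plugin.get("version", "")
        if is_affected(version):
            findings.append(
                (plugin["shortName"], version, plugin.get("enabled", True)))
    return findings

# Constructed sample in the shape of the plugin manager API response.
SAMPLE = json.dumps({"plugins": [
    {"shortName": "git", "version": "5.2.1", "enabled": True},
    {"shortName": "BlazeMeterJenkinsPlugin", "version": "4.26",
     "enabled": True},
]})

if __name__ == "__main__":
    for name, version, enabled in audit_plugins(SAMPLE):
        state = "enabled" if enabled else "disabled"
        print(f"{name} {version} ({state}) is older than 4.27: update")
```

A disabled but still installed plugin is reported as well, so it is not missed if it is re-enabled later.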

Added: Dec 3, 2025, 9:17 AM
Updated: Dec 3, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.