Jenkins Global-Build-Stats Missing Permission Check Vulnerability Allows Graph ID Enumeration

Vulnerability

A vulnerability exists in the Jenkins global-build-stats Plugin in versions through 322.v22f4db_18e2dd, where the plugin's REST API endpoints lack proper permission checks. This flaw enables attackers with Overall/Read permission to enumerate graph IDs, which can then be used to access the corresponding graphs.

Impact

Exploitation of this vulnerability allows for the enumeration of graph IDs, which can be used to access the associated graphs.

Remediation

Users of the global-build-stats Plugin should update to version 347.v32a_eb_0493c4f, which includes the necessary permission checks for the REST API endpoints.
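To make the class of defect concrete, below is an added, hypothetical Jenkins plugin action in the shape the advisory describes; it is not the global-build-stats plugin's own code, and the class name, URL names, sample graph IDs and the choice of permission (`Jenkins.ADMINISTER`) are assumptions. Stapler maps `do*` methods to URLs without adding any authorization of its own, so each web method must enforce a permission itself, which is what the fixed release adds:

```java
import hudson.Extension;
import hudson.model.RootAction;
import jenkins.model.Jenkins;
import net.sf.json.JSONArray;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;

// Hypothetical action (not the plugin's code), served at <jenkinsRoot>/graph-stats-example/
@Extension
public class GraphStatsExampleAction implements RootAction {
    // Constructed sample data standing in for the plugin's stored graph definitions.
    private final String[] graphIds = {"graph-a", "graph-b"};

    @Override public String getIconFileName() { return null; }   // no sidebar link
    @Override public String getDisplayName() { return null; }
    @Override public String getUrlName() { return "graph-stats-example"; }

    // Vulnerable shape: Stapler exposes this as GET .../graph-stats-example/graphIdsUnchecked,
    // so any user who can reach the URL (Overall/Read) receives the full list of IDs.
    public HttpResponse doGraphIdsUnchecked() {
        return HttpResponses.okJSON(JSONArray.fromObject(graphIds));
    }

    // Hardened shape: the web method checks a permission before doing any work.
    // Jenkins.ADMINISTER is an assumed choice; the correct permission depends on who
    // is meant to see the graphs. checkPermission throws AccessDeniedException, which
    // Jenkins renders as HTTP 403, for callers lacking it.
    public HttpResponse doGraphIds() {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return HttpResponses.okJSON(JSONArray.fromObject(graphIds));
    }
}
```

A quick check for a plugin under review is to list every public `do*` method (and every `getApi()`/`Api` export) and confirm each one calls `checkPermission` or is guarded by an equivalent check before returning data.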

Added: Sep 3, 2025, 3:51 PM
Updated: Sep 3, 2025, 4:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.