Primary

Context

Jenkins Themis Plugin Missing Permission Check Vulnerability

Vulnerability

Patched

A vulnerability exists in the Jenkins Themis Plugin in versions through 1.4.1, where a missing permission check allows attackers with Overall/Read permission to connect to an HTTP server specified by the attacker. This vulnerability also introduces a cross-site request forgery (CSRF) risk, as the endpoint does not require POST requests.

Impact

Exploitation of this vulnerability could lead to unauthorized HTTP requests being sent to an attacker-specified server, potentially allowing for data exfiltration or other malicious actions.

Added: Oct 29, 2025, 2:29 PM

Updated: Oct 29, 2025, 2:29 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.6

exploitability

4.9

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.6

exploitability

4.9

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jenkins Themis Plugin Missing Permission Check Vulnerability

Vulnerability

Impact

Affected Products

Jenkins Themis Plugin

Jenkins SAML Plugin

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating