CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Published Oct 30, 2025

https://github.com/advisories/GHSA-h83r-7f9f-mqjj

CVSS ScoreMedium

4.3

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-64142

A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Published Oct 30, 2025

https://github.com/advisories/GHSA-h83r-7f9f-mqjj

CVSS ScoreMedium

4.3


maven	org.jenkins-ci.plugins/nexus-task-runner	0.9.1
maven	org.jenkins-ci.plugins/nexus-task-runner	0.9.2

Ecosystem	Package	Version


maven	org.jenkins-ci.plugins/nexus-task-runner	0.9.1
maven	org.jenkins-ci.plugins/nexus-task-runner	0.9.2

Find vulnerabilities. Fix fast with AI.

CVE-2025-64142

CVE-2025-64142