{"id":"CVE-2025-58459","details":"Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs.","aliases":["GHSA-gm8g-fh49-qq6v"],"modified":"2026-04-10T05:32:58.747530Z","published":"2025-09-03T15:15:39.667Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/09/03/4"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2025-09-03/#SECURITY-3535"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/global-build-stats-plugin","events":[{"introduced":"0"},{"last_affected":"22f4db18e2dd9b7183660c37b7420af0364830a6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"322.v22f4db_18e2dd"}]}}],"versions":["244.v27c8a_2e50a_34","269.v214f74360b_3a_","282.v79ca_e079d1b_1","288.vb_2c4a_0f138b_b_","293.vd7b_d6e361475","304.ve03f19d5969e","307.v03dce5a_f8943","314.v2c5018728d76","316.vf8870f424d78","322.v22f4db_18e2dd","global-build-stats-1.1","global-build-stats-1.2","global-build-stats-1.3","global-build-stats-1.4","global-build-stats-1.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58459.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}