CVE-2025-13472

Published: Dec 3, 2025

Modified: Dec 3, 2025

PUBLISHED

Description

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.

Vendor	Product	Versions
Perforce	BlazeMeter	affected `0 - < 4.27`

Weaknesses (CWE)

CWE-862

References

https://portal.perforce.com/s/cve/a91Qi000002bFgTIAU/missing-authorization-in-blazemeter-jenkins-plugin

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-13472

Description

Affected Products

Weaknesses (CWE)

References