CVE-2025-13472: CWE-862 Missing Authorization in Perforce BlazeMeter
A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.
CVE-2025-13472: CWE-862 Missing Authorization in Perforce BlazeMeter
Description
A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Perforce
- Date Reserved
- 2025-11-20T11:26:48.612Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 692ffe297fb5593475bc861f
Added to database: 12/3/2025, 9:08:57 AM
Last updated: 12/3/2025, 9:09:05 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-12744: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HighCVE-2025-29864: CWE-693 Protection Mechanism Failure in ESTsoft ALZip
MediumCVE-2025-13946: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark Foundation Wireshark
MediumCVE-2025-13945: CWE-1325: Improperly Controlled Sequential Memory Allocation in Wireshark Foundation Wireshark
MediumCVE-2025-13486: CWE-94 Improper Control of Generation of Code ('Code Injection') in hwk-fr Advanced Custom Fields: Extended
CriticalActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.