CVE-2025-13472 – Missing authorization in BlazeMeter Jenkins Plugin

CVE ID : CVE-2025-13472

Published : Dec. 3, 2025, 9:15 a.m. | 1 hour, 10 minutes ago

Description : A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…