Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-hknv-b3s3-cfat
Vulnerability ID VCID-hknv-b3s3-cfat
Aliases CVE-2024-3825
GHSA-r52h-fjm7-93j8
Summary BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-3825
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-r52h-fjm7-93j8
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-3825
https://github.com/Blazemeter/blazemeter-jenkins-plugin
https://github.com/Blazemeter/blazemeter-jenkins-plugin/commit/11ec94f68136a0612ae1b37b5370053132cb2528
https://portal.perforce.com/s/detail/a91PA000001STsvYAG
CVE-2024-3825 https://nvd.nist.gov/vuln/detail/CVE-2024-3825
GHSA-r52h-fjm7-93j8 https://github.com/advisories/GHSA-r52h-fjm7-93j8
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.37403
EPSS Score 0.00166
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T21:03:53.843447+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.blazemeter.plugins/BlazeMeterJenkinsPlugin/CVE-2024-3825.yml 38.6.0