{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49338?format=json","vulnerability_id":"VCID-83az-a11q-87bb","summary":"BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources\nA fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.","aliases":[{"alias":"CVE-2025-13472"},{"alias":"GHSA-fxp5-37mh-vff5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72757?format=json","purl":"pkg:maven/com.blazemeter.plugins/BlazeMeterJenkinsPlugin@4.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.blazemeter.plugins/BlazeMeterJenkinsPlugin@4.27"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13472","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18442","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18462","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18559","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18562","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18524","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13472"},{"reference_url":"https://github.com/jenkinsci/blazemeter-plugin","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":
"https://github.com/jenkinsci/blazemeter-plugin"},{"reference_url":"https://github.com/jenkinsci/blazemeter-plugin/commit/9fe5ed70f063c18fd6b64bb4db3cbdb612f653d4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/blazemeter-plugin/commit/9fe5ed70f063c18fd6b64bb4db3cbdb612f653d4"},{"reference_url":"https://portal.perforce.com/s/cve/a91Qi000002bFgTIAU/missing-authorization-in-blazemeter-jenkins-plugin","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T14:21:08Z/"}],"url":"https://portal.perforce.com/s/cve/a91Qi000002bFgTIAU/missing-authorization-in-blazemeter-jenkins-plugin"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13472","reference_id":"CVE-2025-13472","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13472"},{"reference_url":"https://github.com/advisories/GHSA-fxp5-37mh-vff5","reference_id":"GHSA-fxp5-37mh-vff5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fxp5-37mh-vff5"}],"weaknesses":[{"cwe_id":862,"name":"Missing Authorization","description":"The product does not perform an authorization check when an actor attempts to access a resource or perform an action."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83az-a11q-87bb"}