CVE-2025-47886: Jenkins Cadence vManager Plugin Vulnerable to Cross-Site Request Forgery
(updated )
A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.
References
Code Behaviors & Features
Detect and mitigate CVE-2025-47886 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →