CVE-2025-47887: Jenkins Cadence vManager Plugin is Missing Permission Checks
Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password.