NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-48926

Summary	Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Publication Date	May 28, 2026, 12:16 a.m.
Registration Date	May 28, 2026, 4:14 a.m.
Last Update	June 2, 2026, 11:49 p.m.

CVSS3.1 : MEDIUM
スコア	4.3
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:jenkins:job_import::::::jenkins::*			122.v35289550f1e6
cpe:2.3:a:jenkins:job_import:143.v044a_2e819b_27:::::jenkins::

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3783	jenkinsci-cert@googlegroups.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-269	不適切な権限管理	https://cwe.mitre.org/data/definitions/269.html