|
991
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers con…
New
|
CWE-862
Missing Authorization
|
CVE-2026-57285
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
992
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such…
New
|
CWE-862
Missing Authorization
|
CVE-2026-57286
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
993
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers w…
New
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-57287
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
994
|
3.7 |
LOW
Network
|
-
|
-
|
Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated atta…
New
|
CWE-90
LDAP Injection
|
CVE-2026-57288
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
995
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to th…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-57289
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
996
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration.
New
|
CWE-352
Origin Validation Error
|
CVE-2026-57290
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
997
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specif…
New
|
CWE-862
Missing Authorization
|
CVE-2026-57294
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
998
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified cr…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-57295
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
999
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.
New
|
CWE-862
Missing Authorization
|
CVE-2026-57300
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1000
|
8.8 |
HIGH
Network
|
-
|
-
|
Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary c…
New
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2026-57301
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
