com.agentsflex:agents-flex-bom (>=2.1.1 <=2.1.3), com.agentsflex:agents-flex-mcp (>=2.0.0 <=2.1.3) +28 more potentially affected by CVE-2026-34237 via io.modelcontextprotocol.sdk:mcp-core (=1.0.0)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.modelcontextprotocol.sdk:mcp-core and may be impacted: - com.agentsflex:agents-flex-bom =2.1.1, =2.0.0, =2.1.1, =2.0.4, =0.1.1, =0.1.1,...

Missing Authorization

Jenkins MCP Server Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing permission checks in multiple MCP tools, which allows an attacker to trigger builds and access sensitive information related to job and cloud configurations without proper authorization...

CVE-2025-64132

CVE-2025-64132 affects Jenkins MCP Server Plugin versions up to 0.84.v50ca_24ef83f2 and earlier. The root cause is missing permission checks in multiple MCP tools, allowing attackers to trigger builds and view information about jobs and cloud configuration that should be restricted. Publicly docu...