Lucene search
K

4 matches found

NVD
NVD
added 2026/06/24 2:17 p.m.11 views

CVE-2026-57300

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access...

4.3CVSS0.00178EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/30 5:26 p.m.9 views

com.agentsflex:agents-flex-bom (>=2.1.1 <=2.1.7), com.agentsflex:agents-flex-mcp (>=2.0.0 <=2.1.7) +28 more potentially affected by CVE-2026-34237 via io.modelcontextprotocol.sdk:mcp-core (=1.0.0)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.modelcontextprotocol.sdk:mcp-core and may be impacted: - com.agentsflex:agents-flex-bom =2.1.1, =2.0.0, =2.1.1, =2.0.4, =0.1.1, =0.1.1,...

6.1CVSS7.2AI score0.00222EPSS
Exploits0
Veracode
Veracode
added 2025/12/13 5:0 a.m.14 views

Missing Authorization

Jenkins MCP Server Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing permission checks in multiple MCP tools, which allows an attacker to trigger builds and access sensitive information related to job and cloud configurations without proper authorization...

5.4CVSS5.8AI score0.00239EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/10/29 1:29 p.m.24 views

CVE-2025-64132

CVE-2025-64132 affects Jenkins MCP Server Plugin versions up to 0.84.v50ca_24ef83f2 and earlier. The root cause is missing permission checks in multiple MCP tools, allowing attackers to trigger builds and view information about jobs and cloud configuration that should be restricted. Publicly docu...

5.4CVSS6.2AI score0.00239EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder