33 matches found

RedhatCVE
added 2026/06/05 7:48 p.m. | 5 views

CVE-2026-10276

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

CVSS 6.5 | AI score 6 | EPSS 0.00048
Exploits: 0 | References: 1

NVD
added 2026/06/01 7:16 p.m. | 8 views

CVE-2026-10276

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

CVSS 6.5 | EPSS 0.00048
Exploits: 0 | References: 6

EUVD
added 2026/06/01 5:0 p.m. | 7 views

EUVD-2026-33712

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

CVSS 6.5 | AI score 6.1 | EPSS 0.00048
Exploits: 0 | References: 6

CVE
added 2026/06/01 5:0 p.m. | 9 views

CVE-2026-10276

The CVE-2026-10276 entry describes a vulnerability in hekmon8 Jenkins-server-mcp 0.1.0. The issue affects the function jobPath in src/index.ts within the get_build_status/get_build_log/trigger_build components and leads to server-side request forgery. The attack may be performed remotely, and the...

CVSS 6.5 | AI score 6.1 | EPSS 0.00048
Exploits: 0 | References: 6

Vulnrichment
added 2026/06/01 5:0 p.m. | 7 views

CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

CVSS 6.5 | AI score 5.3 | EPSS 0.00048
Exploits: 0 | References: 6

Cvelist
added 2026/06/01 5:0 p.m. | 27 views

CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

CVSS 6.5 | EPSS 0.00048
Exploits: 0 | References: 6

Positive Technologies
added 2026/06/01 12:0 a.m. | 9 views

PT-2026-45497

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get build status/get build log/trigger build. Such manipulation leads to server-side request forgery. The attack may be performed from...

CVSS 6.5 | AI score 5.3 | EPSS 0.00048
Exploits: 0 | References: 7

CNNVD
added 2026/06/01 12:0 a.m. | 5 views

Jenkins Server MCP code issue vulnerabilities

Jenkins Server MCP is a model context protocol server developed by Hekmon for individual developers to interact with Jenkins CI/CD servers. Version 0.1.0 of Jenkins Server MCP contains code vulnerabilities. These vulnerabilities stem from incorrect operations in the functions jobPath of the files...

CVSS 6.5 | AI score 6.7 | EPSS 0.00048
Exploits: 0 | References: 6

GithubExploit
added 2026/04/01 3:36 a.m. | 355 views

Exploit for OS Command Injection in Gnu Bash

AppAssault Lab — Attacking Common Applications...

CVSS 10 | AI score 7.5 | EPSS 0.94522
Exploits: 528

RedhatCVE
added 2025/10/30 2:13 p.m. | 3 views

CVE-2025-64132

Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access...

CVSS 5.4 | AI score 6.5 | EPSS 0.00017
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/29 12:0 a.m. | 3 views

PT-2025-44281

Name of the Vulnerable Software and Affected Versions: Jenkins MCP Server Plugin versions 0.84.v50ca24ef83f2 and earlier. Description: The Jenkins MCP Server Plugin does not properly enforce permission checks in several MCP tools. This allows attackers to initiate builds and access sensitive job an...

CVSS 5.4 | AI score 6.3 | EPSS 0.00017
Exploits: 0 | References: 11

BDU FSTEC
added 2025/07/11 12:0 a.m. | 1 views

The vulnerability of the ReadyAPI Functional Testing plugin for Jenkins servers lies in the storage of registration data in an open manner, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the ReadyAPI Functional Testing plugin for the Jenkins automation server lies in the way registration data is stored in an open manner within the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS 6.8 | AI score 5.4 | EPSS 0.00216
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/04/28 12:0 a.m. | 2 views

The vulnerability of the Jenkins automation server, related to insufficient protection of service data, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Jenkins automation server is related to insufficient protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 4.3 | AI score 6.7 | EPSS 0.00717
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2025/04/28 12:0 a.m. | 6 views

The vulnerability of the Jenkins automation server lies in the redirection of URLs to an unreliable website, allowing attackers to redirect users to arbitrary URL addresses.

The vulnerability of the Jenkins automation server relates to the redirection of URLs to an unreliable website. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary URL addresses...

CVSS 5 | AI score 5.6 | EPSS 0.00369
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2025/04/07 12:0 a.m. | 3 views

The vulnerability of the Jenkins automation server, related to deficiencies in authentication procedures, allows attackers to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of the Jenkins automation server is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges and gain unauthorized access to protected information...

CVSS 4.3 | AI score 6.5 | EPSS 0.00093
Exploits: 0 | References: 3 | Affected Software: 2

BDU FSTEC
added 2024/10/24 12:0 a.m. | 1 views

The vulnerability of the Jenkins automation server, related to access control deficiencies, allows a hacker to bypass restrictions and create temporary elements.

The vulnerability of the Jenkins automation server is related to lack of access control. Exploiting this vulnerability allows a malicious actor to bypass restrictions and create temporary elements...

CVSS 4.3 | AI score 6.6 | EPSS 0.00448
Exploits: 0 | References: 3 | Affected Software: 2

BDU FSTEC
added 2024/10/23 12:0 a.m. | 1 views

The vulnerability of the Jenkins automation server, related to the lack of protection for service data, allows a perpetrator to gain unauthorized access to confidential information.

The vulnerability of the Jenkins automation server lies in the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to confidential information within the system...

CVSS 4.3 | AI score 6.6 | EPSS 0.0063
Exploits: 0 | References: 4 | Affected Software: 2

Hacker One
added 2023/09/07 2:33 a.m. | 8 views

IBM: Jenkins server access due to weak password

Jenkins server access was gained due to a weak password. The issue was reported to IBM, analyzed, and remediated...

AI score 7
Exploits: 0

Github Security Blog
added 2023/07/26 9:30 p.m. | 27 views

Missing authorization in Jenkins Plug-in for ServiceNow

A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow...

CVSS 7.7 | AI score 6.6 | EPSS 0.00053
Exploits: 0 | References: 6 | Affected Software: 1

Tenable Nessus
added 2022/10/07 12:0 a.m. | 29 views

Jenkins plugins Multiple Vulnerabilities (2022-09-21)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins 2.367 through 2.369 both inclusive does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins...

CVSS 9.8 | AI score 7.2 | EPSS 0.20595
Exploits: 0 | References: 33