10 matches found
BIT-JENKINS-2026-27100
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds,...
CVE-2026-27100
A flaw was found in Jenkins. An attacker with Item/Build and Item/Configure permissions can exploit this vulnerability by submitting Run Parameter values that refer to builds they do not have authorization to access. This allows the attacker to obtain sensitive information, including the existenc...
Jenkins has a build information disclosure vulnerability through Run Parameter
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds,...
CVE-2026-27100
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds,...
CVE-2026-27100
CVE-2026-27100 affects Jenkins up to version 2.550 and LTS up to 2.541.1. The vulnerability arises because Run Parameter values can reference builds the submitting user would not have access to. An attacker with Item/Build and Item/Configure permissions can leverage this to learn about the existe...
CVE-2026-27100
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds,...
GHSA-RC33-44QP-VPVQ Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure
Jenkins Gogs Plugin provides a webhook endpoint at /gogs-webhook that can be used to trigger builds of jobs. In Gogs Plugin 1.0.15 and earlier, an option to specify a Gogs secret for this webhook is provided, but not enabled by default. This allows unauthenticated attackers to trigger builds of...
PT-2023-27405 · Jenkins · Jenkins Gogs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The webhook endpoint in Jenkins Gogs Plugin provides unauthenticated attackers with information about the existence of jobs in its output. This endpoint, located at "/gogs-webhook",...
plugin: Lack of authentication mechanism in Git Plugin webhook
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...
CVE-2022-36884
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...