3 matches found
BIT-JENKINS-2026-53438
A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view...
CVE-2026-53437
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between //, allowing attackers to perform phishing attacks...
CVE-2026-53436
Jenkins 2.567 and earlier, and LTS 2.555.2 and earlier, are affected by a login-redirect validation issue: the system may treat a redirect URL containing relative path segments (./ or ../) as legitimate, which enables phishing attacks by steering users to attacker-controlled destinations after lo...