CVE-2026-42520

Jenkins Credentials Binding Plugin 719.v80e905ef14eb and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins...

CVE-2026-48922

Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...

Jenkins plugins Multiple Vulnerabilities (2026-05-27)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross- site scripting XSS vulnerability...

Relative Path Traversal

Overview org.jenkins-ci.plugins:credentials-binding is a plugin that allows credentials to be bound to environment variables for use from miscellaneous build steps. Affected versions of this package are vulnerable to Relative Path Traversal due to not sanitizing file names for file and zip file...