Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Jenkins Project |
|
No data.
No data.
References
History
Sat, 30 May 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jenkins Project
Jenkins Project jenkins Job Import Plugin |
|
| Vendors & Products |
Jenkins Project
Jenkins Project jenkins Job Import Plugin |
Wed, 27 May 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Jenkins Job Import Plugin allows enumeration of stored credential IDs due to missing permission check |
Wed, 27 May 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-269 | |
| Metrics |
cvssV3_1
|
Wed, 27 May 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2026-05-27T14:13:52.666Z
Updated: 2026-05-27T15:21:36.888Z
Reserved: 2026-05-26T14:50:46.813Z
Link: CVE-2026-48926
Vulnrichment
Updated: 2026-05-27T15:21:26.719Z
NVD
Status : Awaiting Analysis
Published: 2026-05-27T15:16:32.310
Modified: 2026-05-27T19:54:54.150
Link: CVE-2026-48926
Redhat
No data.