4.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): NONE
- Availability impact (A): NONE
Activity log
- Created suggestion
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run …
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.
References
-
Jenkins Security Advisory 2026-02-18 vendor-advisory
Affected products
- <2.541.*
- *
Matching in nixpkgs
pkgs.jenkins
Extendable open source continuous integration server
pkgs.jenkins-job-builder
Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git
pkgs.python312Packages.jenkinsapi
Python API for accessing resources on a Jenkins continuous-integration server
pkgs.python313Packages.jenkinsapi
Python API for accessing resources on a Jenkins continuous-integration server
pkgs.python314Packages.jenkinsapi
Python API for accessing resources on a Jenkins continuous-integration server
pkgs.python312Packages.python-jenkins
Python bindings for the remote Jenkins API
pkgs.python313Packages.python-jenkins
Python bindings for the remote Jenkins API
pkgs.python314Packages.python-jenkins
Python bindings for the remote Jenkins API
pkgs.python312Packages.jenkins-job-builder
Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git
pkgs.python313Packages.jenkins-job-builder
Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git
pkgs.python314Packages.jenkins-job-builder
Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git
Package maintainers
-
@coreyoconnor Corey O'Connor <coreyoconnor@gmail.com>
-
@NeQuissimus Tim Steinbach <tim@nequissimus.com>
-
@earldouglas James Earl Douglas <james@earldouglas.com>
-
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
-
@drets Dmytro Rets <dmitryrets@gmail.com>
-
@de11n Elliot Cameron <nixpkgs-commits@deshaw.com>
-
@invokes-su Souvik Sen <nixpkgs-commits@deshaw.com>
-
@gador Florian Brandes <florian.brandes@posteo.de>
-
@despsyched Priyanshu Tripathi <priyanshu.tripathi@deshaw.com>