Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-48917 (GCVE-0-2026-48917)
Vulnerability from cvelistv5 – Published: 2026-05-27 14:13 – Updated: 2026-05-27 17:04
VLAI
EPSS
Summary
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2026-05-… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins LDAP Plugin |
Affected:
0 , ≤ 807.v7d7de30930cf
(maven)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T17:04:09.359441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T17:04:29.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins LDAP Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "807.v7d7de30930cf",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:13:46.363Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2026-05-27",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3654"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2026-48917",
"datePublished": "2026-05-27T14:13:46.363Z",
"dateReserved": "2026-05-26T14:50:46.812Z",
"dateUpdated": "2026-05-27T17:04:29.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-48917",
"date": "2026-06-18",
"epss": "0.0027",
"percentile": "0.18452"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-48917\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2026-05-27T15:16:31.347\",\"lastModified\":\"2026-06-02T16:14:59.163\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.7,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:ldap:*:*:*:*:*:jenkins:*:*\",\"versionEndIncluding\":\"793.v754d6b_41b_ea_4\",\"matchCriteriaId\":\"B3E0ADC0-1440-4D95-890A-FA768B719991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:ldap:807.v7d7de30930cf:*:*:*:*:jenkins:*:*\",\"matchCriteriaId\":\"493B6A53-7F52-4642-BAAB-7CE31636E65E\"}]}]}],\"references\":[{\"url\":\"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3654\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-48917\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-27T17:04:09.359441Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-27T17:04:26.506Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Jenkins Project\", \"product\": \"Jenkins LDAP Plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"maven\", \"lessThanOrEqual\": \"807.v7d7de30930cf\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3654\", \"name\": \"Jenkins Security Advisory 2026-05-27\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.\"}], \"providerMetadata\": {\"orgId\": \"39769cd5-e6e2-4dc8-927e-97b3aa056f5b\", \"shortName\": \"jenkins\", \"dateUpdated\": \"2026-05-27T14:13:46.363Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-48917\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-27T17:04:29.371Z\", \"dateReserved\": \"2026-05-26T14:50:46.812Z\", \"assignerOrgId\": \"39769cd5-e6e2-4dc8-927e-97b3aa056f5b\", \"datePublished\": \"2026-05-27T14:13:46.363Z\", \"assignerShortName\": \"jenkins\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-48917
Vulnerability from fkie_nvd - Published: 2026-05-27 15:16 - Updated: 2026-06-17 10:55
Severity
Summary
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
References
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Jenkins LDAP Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "807.v7d7de30930cf",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"source": "jenkinsci-cert@googlegroups.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jenkins:ldap:*:*:*:*:*:jenkins:*:*",
"matchCriteriaId": "B3E0ADC0-1440-4D95-890A-FA768B719991",
"versionEndIncluding": "793.v754d6b_41b_ea_4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:ldap:807.v7d7de30930cf:*:*:*:*:jenkins:*:*",
"matchCriteriaId": "493B6A53-7F52-4642-BAAB-7CE31636E65E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation."
}
],
"id": "CVE-2026-48917",
"lastModified": "2026-06-17T10:55:23.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-48917",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T17:04:09.359441Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-27T15:16:31.347",
"references": [
{
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3654"
}
],
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-X9V8-P946-5PWC
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-05-27 18:31
VLAI
Details
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
Severity
6.6 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-48917"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T15:16:31Z",
"severity": "MODERATE"
},
"details": "Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.",
"id": "GHSA-x9v8-p946-5pwc",
"modified": "2026-05-27T18:31:38Z",
"published": "2026-05-27T15:33:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48917"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3654"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2026-1707
Vulnerability from csaf_certbund - Published: 2026-05-27 22:00 - Updated: 2026-05-27 22:00Summary
Jenkins Plugins: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Jenkins Plugins ausnutzen, um Informationen offenzulegen, um Dateien zu manipulieren, um einen Cross-Site Scripting Angriff durchzuführen, um beliebigen Programmcode auszuführen, und um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Jenkins Jenkins GitHub Integration Plugin <0.7.4
Jenkins / Jenkins
|
GitHub Integration Plugin <0.7.4 | ||
|
Jenkins Jenkins Email Extension Plugin <1933.1935.v276319e3cc47
Jenkins / Jenkins
|
Email Extension Plugin <1933.1935.v276319e3cc47 | ||
|
Jenkins Jenkins Credentials Binding Plugin <725.ve52b_2328a_fde
Jenkins / Jenkins
|
Credentials Binding Plugin <725.ve52b_2328a_fde | ||
|
Jenkins Jenkins Bitbucket OAuth Plugin <0.18
Jenkins / Jenkins
|
Bitbucket OAuth Plugin <0.18 | ||
|
Jenkins Jenkins AppSpider Plugin <1.0.18
Jenkins / Jenkins
|
AppSpider Plugin <1.0.18 | ||
|
Jenkins Jenkins Active Directory Plugin <2.41.1
Jenkins / Jenkins
|
Active Directory Plugin <2.41.1 | ||
|
Jenkins Jenkins Pipeline: Groovy Libraries Plugin <798.v5cc688825312
Jenkins / Jenkins
|
Pipeline: Groovy Libraries Plugin <798.v5cc688825312 | ||
|
Jenkins Jenkins Multijob Plugin <669.v9d96a_d9c71b_0
Jenkins / Jenkins
|
Multijob Plugin <669.v9d96a_d9c71b_0 | ||
|
Jenkins Jenkins LDAP Plugin <807.809.vd3a_4e5e4ec98
Jenkins / Jenkins
|
LDAP Plugin <807.809.vd3a_4e5e4ec98 | ||
|
Jenkins Jenkins Job Import Plugin <143.145.v48f9a_a_6ff384
Jenkins / Jenkins
|
Job Import Plugin <143.145.v48f9a_a_6ff384 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterst\u00fctzung bei Softwareentwicklungen aller Art.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Jenkins Plugins ausnutzen, um Informationen offenzulegen, um Dateien zu manipulieren, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, um beliebigen Programmcode auszuf\u00fchren, und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1707 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1707.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1707 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1707"
},
{
"category": "external",
"summary": "Jenkins Security Advisory 2026-05-27 vom 2026-05-27",
"url": "https://www.jenkins.io/security/advisory/2026-05-27/"
}
],
"source_lang": "en-US",
"title": "Jenkins Plugins: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-27T22:00:00.000+00:00",
"generator": {
"date": "2026-05-28T10:05:38.479+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1707",
"initial_release_date": "2026-05-27T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-27T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Active Directory Plugin \u003c2.41.1",
"product": {
"name": "Jenkins Jenkins Active Directory Plugin \u003c2.41.1",
"product_id": "T054789"
}
},
{
"category": "product_version",
"name": "Active Directory Plugin 2.41.1",
"product": {
"name": "Jenkins Jenkins Active Directory Plugin 2.41.1",
"product_id": "T054789-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:active_directory_plugin__2.41.1"
}
}
},
{
"category": "product_version_range",
"name": "AppSpider Plugin \u003c1.0.18",
"product": {
"name": "Jenkins Jenkins AppSpider Plugin \u003c1.0.18",
"product_id": "T054790"
}
},
{
"category": "product_version",
"name": "AppSpider Plugin 1.0.18",
"product": {
"name": "Jenkins Jenkins AppSpider Plugin 1.0.18",
"product_id": "T054790-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:appspider_plugin__1.0.18"
}
}
},
{
"category": "product_version_range",
"name": "Bitbucket OAuth Plugin \u003c0.18",
"product": {
"name": "Jenkins Jenkins Bitbucket OAuth Plugin \u003c0.18",
"product_id": "T054791"
}
},
{
"category": "product_version",
"name": "Bitbucket OAuth Plugin 0.18",
"product": {
"name": "Jenkins Jenkins Bitbucket OAuth Plugin 0.18",
"product_id": "T054791-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:bitbucket_oauth_plugin__0.18"
}
}
},
{
"category": "product_version_range",
"name": "Credentials Binding Plugin \u003c725.ve52b_2328a_fde",
"product": {
"name": "Jenkins Jenkins Credentials Binding Plugin \u003c725.ve52b_2328a_fde",
"product_id": "T054792"
}
},
{
"category": "product_version",
"name": "Credentials Binding Plugin 725.ve52b_2328a_fde",
"product": {
"name": "Jenkins Jenkins Credentials Binding Plugin 725.ve52b_2328a_fde",
"product_id": "T054792-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:credentials_binding_plugin__725.ve52b_2328a_fde"
}
}
},
{
"category": "product_version_range",
"name": "Email Extension Plugin \u003c1933.1935.v276319e3cc47",
"product": {
"name": "Jenkins Jenkins Email Extension Plugin \u003c1933.1935.v276319e3cc47",
"product_id": "T054793"
}
},
{
"category": "product_version",
"name": "Email Extension Plugin 1933.1935.v276319e3cc47",
"product": {
"name": "Jenkins Jenkins Email Extension Plugin 1933.1935.v276319e3cc47",
"product_id": "T054793-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:email_extension_plugin__1933.1935.v276319e3cc47"
}
}
},
{
"category": "product_version_range",
"name": "GitHub Integration Plugin \u003c0.7.4",
"product": {
"name": "Jenkins Jenkins GitHub Integration Plugin \u003c0.7.4",
"product_id": "T054794"
}
},
{
"category": "product_version",
"name": "GitHub Integration Plugin 0.7.4",
"product": {
"name": "Jenkins Jenkins GitHub Integration Plugin 0.7.4",
"product_id": "T054794-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:github_integration_plugin__0.7.4"
}
}
},
{
"category": "product_version_range",
"name": "Job Import Plugin \u003c143.145.v48f9a_a_6ff384",
"product": {
"name": "Jenkins Jenkins Job Import Plugin \u003c143.145.v48f9a_a_6ff384",
"product_id": "T054795"
}
},
{
"category": "product_version",
"name": "Job Import Plugin 143.145.v48f9a_a_6ff384",
"product": {
"name": "Jenkins Jenkins Job Import Plugin 143.145.v48f9a_a_6ff384",
"product_id": "T054795-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:job_import_plugin__143.145.v48f9a_a_6ff384"
}
}
},
{
"category": "product_version_range",
"name": "LDAP Plugin \u003c807.809.vd3a_4e5e4ec98",
"product": {
"name": "Jenkins Jenkins LDAP Plugin \u003c807.809.vd3a_4e5e4ec98",
"product_id": "T054796"
}
},
{
"category": "product_version",
"name": "LDAP Plugin 807.809.vd3a_4e5e4ec98",
"product": {
"name": "Jenkins Jenkins LDAP Plugin 807.809.vd3a_4e5e4ec98",
"product_id": "T054796-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:ldap_plugin__807.809.vd3a_4e5e4ec98"
}
}
},
{
"category": "product_version_range",
"name": "Multijob Plugin \u003c669.v9d96a_d9c71b_0",
"product": {
"name": "Jenkins Jenkins Multijob Plugin \u003c669.v9d96a_d9c71b_0",
"product_id": "T054797"
}
},
{
"category": "product_version",
"name": "Multijob Plugin 669.v9d96a_d9c71b_0",
"product": {
"name": "Jenkins Jenkins Multijob Plugin 669.v9d96a_d9c71b_0",
"product_id": "T054797-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:multijob_plugin__669.v9d96a_d9c71b_0"
}
}
},
{
"category": "product_version_range",
"name": "Pipeline: Groovy Libraries Plugin \u003c798.v5cc688825312",
"product": {
"name": "Jenkins Jenkins Pipeline: Groovy Libraries Plugin \u003c798.v5cc688825312",
"product_id": "T054798"
}
},
{
"category": "product_version",
"name": "Pipeline: Groovy Libraries Plugin 798.v5cc688825312",
"product": {
"name": "Jenkins Jenkins Pipeline: Groovy Libraries Plugin 798.v5cc688825312",
"product_id": "T054798-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:pipeline_groovy_libraries_plugin__798.v5cc688825312"
}
}
}
],
"category": "product_name",
"name": "Jenkins"
}
],
"category": "vendor",
"name": "Jenkins"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-48916",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-48916"
},
{
"cve": "CVE-2026-48917",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-48917"
},
{
"cve": "CVE-2026-48918",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-48918"
},
{
"cve": "CVE-2026-48919",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-48919"
},
{
"cve": "CVE-2026-48920",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-48920"
},
{
"cve": "CVE-2026-48921",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-48921"
},
{
"cve": "CVE-2026-48922",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-48922"
},
{
"cve": "CVE-2026-48923",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-48923"
},
{
"cve": "CVE-2026-48924",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-48924"
},
{
"cve": "CVE-2026-48925",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-48925"
},
{
"cve": "CVE-2026-48926",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-48926"
},
{
"cve": "CVE-2026-48927",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-48927"
},
{
"cve": "CVE-2026-9674",
"product_status": {
"known_affected": [
"T054794",
"T054793",
"T054792",
"T054791",
"T054790",
"T054789",
"T054798",
"T054797",
"T054796",
"T054795"
]
},
"release_date": "2026-05-27T22:00:00.000+00:00",
"title": "CVE-2026-9674"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…