Severity by source
CVSS vector (NVD):
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Lifecycle Timeline
Description (CVE.org)
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Analysis (AI)
Server-side request forgery (SSRF) in hekmon8/Jenkins-server-mcp 0.1.0 allows a remote, low-privileged attacker to forge outbound HTTP requests from the server by manipulating the jobPath parameter across the get_build_status, get_build_log, and trigger_build functions in src/index.ts. The flaw stems from absent or insufficient validation of user-supplied job path values before they are used to construct server-side requests to Jenkins. …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | The attacker must hold low-privileged authenticated access to the Jenkins-server-mcp instance (PR:L in the CVSS 4.0 vector); unauthenticated exploitation is not supported by the available data. … |
| Risk Assessment | The CVSS 4.0 base score of 2.1 (Low) reflects a constrained but real risk profile. … |
| Exploit Scenario | An attacker with low-privileged authenticated access to a Jenkins-server-mcp deployment, such as an AI agent operator or a developer with tool-invocation rights, sends a crafted jobPath value (for example, a URL-encoded path pointing to an internal service such as http://169.254.169.254/latest/meta-data/) to the get_build_status or trigger_build function. The server uses the path without validation and issues an outbound HTTP request to the attacker-chosen destination, potentially returning sensitive internal data in the response. … |
| Remediation | No vendor-released patch had been identified at the time of analysis; the maintainer had not responded to the disclosure as of the report date. … |
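The jobPath handling that the analysis and the exploit scenario above describe, as an added example that is not code from hekmon8/Jenkins-server-mcp (its actual src/index.ts is not reproduced here): a hypothetical resolver that trusts jobPath when building the Jenkins request URL, beside a hardened one that treats jobPath as a list of Jenkins item names. The function names, the Jenkins base URL, the allowlist pattern and the sample inputs are assumptions made for illustration.

```typescript
// Added example, not code from hekmon8/Jenkins-server-mcp. It models the pattern the
// analysis describes: a tool argument named jobPath is resolved against a configured
// Jenkins base URL before the server fetches build status. Function names, the base
// URL and the allowlist below are assumptions for illustration.

const JENKINS_BASE = "https://jenkins.internal.example:8080/"; // assumed deployment value

// Hypothetical vulnerable resolver: jobPath is trusted as-is.
// WHATWG URL resolution treats an absolute URL ("http://...") or a
// protocol-relative input ("//host/...") as a new origin and discards `base`,
// so the request leaves the Jenkins host. That is the SSRF.
function unsafeBuildStatusUrl(jobPath: string, base: string = JENKINS_BASE): string {
  return new URL(`${jobPath}/lastBuild/api/json`, base).toString();
}

// Conservative allowlist for a single Jenkins item (folder or job) name.
// Real Jenkins allows more characters; widen deliberately, but never to include
// ":", "/", "?", "#", "%" or "@", which carry URL structure.
const JOB_SEGMENT = /^[A-Za-z0-9._ -]+$/;

// Hardened resolver: jobPath is a "/"-separated list of item names such as
// "team/backend", never a URL. Each name is validated, percent-encoded and
// placed into the fixed Jenkins path shape /job/<name>/job/<name>/..., so the
// input cannot introduce a scheme, authority, "..", query or fragment.
function safeBuildStatusUrl(jobPath: string, base: string = JENKINS_BASE): string {
  const segments = jobPath.split("/").filter((s) => s.length > 0);
  if (segments.length === 0) {
    throw new Error("jobPath must name at least one Jenkins item");
  }
  for (const seg of segments) {
    if (seg === "." || seg === ".." || !JOB_SEGMENT.test(seg)) {
      throw new Error(`rejected job path segment: ${JSON.stringify(seg)}`);
    }
  }
  const path = segments.map((s) => `job/${encodeURIComponent(s)}`).join("/");
  const url = new URL(`${path}/lastBuild/api/json`, base);
  // Defense in depth: whatever the path looked like, the request must still
  // target the configured Jenkins origin (scheme + host + port).
  if (url.origin !== new URL(base).origin) {
    throw new Error(`job path escaped Jenkins origin: ${url.origin}`);
  }
  return url.toString();
}

// Helper for callers and tests: does the hardened resolver refuse this input?
function rejectsJobPath(jobPath: string): boolean {
  try {
    safeBuildStatusUrl(jobPath);
    return false;
  } catch {
    return true;
  }
}

// Demo on constructed inputs: one legitimate job, then two payloads of the kind
// the exploit scenario describes (cloud metadata endpoint, protocol-relative host).
console.log(unsafeBuildStatusUrl("job/team/job/backend"));                    // stays on Jenkins
console.log(unsafeBuildStatusUrl("http://169.254.169.254/latest/meta-data")); // leaves Jenkins: SSRF
console.log(unsafeBuildStatusUrl("//169.254.169.254/latest/meta-data"));      // also leaves Jenkins
console.log(safeBuildStatusUrl("team/backend"));                              // /job/team/job/backend/...
console.log(rejectsJobPath("http://169.254.169.254/latest/meta-data"));       // true
```

The allowlist-then-rebuild approach is preferable to blocklisting "http://" or "169.254.": the hardened function never lets the caller's string become URL syntax at all, and the origin comparison catches any future change to the resolver. The same validation belongs in the MCP tool's input schema, so that a rejected jobPath never reaches the HTTP client.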
External POC / Exploit Code
Related identifiers
EUVD-2026-33712
GHSA-978x-993q-q6rw