Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
AnalysisAI
Jenkins Job Import Plugin version 143.v044a_2e819b_27 and earlier exposes credentials ID enumeration to any authenticated user holding the minimal Overall/Read permission due to a missing permission check on an HTTP endpoint. Any low-privileged Jenkins user can query this endpoint and retrieve the IDs of all credentials stored in the Jenkins credentials store, enabling reconnaissance for follow-on credential-targeting attacks. No public exploit has been identified at time of analysis, CISA has not listed this in KEV, and SSVC rates exploitation status as none with partial technical impact.
Technical ContextAI
The Jenkins Job Import Plugin facilitates importing job configurations from remote Jenkins instances and, as part of its functionality, exposes HTTP API endpoints that interact with Jenkins' internal credentials store. The root cause is CWE-269 (Improper Privilege Management): the plugin's HTTP endpoint responsible for listing credentials does not enforce a privilege gate - such as the Credentials/View or Job/Configure permission - before returning data. Jenkins employs a granular role-based authorization model; Overall/Read is the lowest authenticated permission level, typically assigned by default to all logged-in users. By failing to require a higher permission tier, the endpoint leaks credentials IDs (not credential values) to effectively any authenticated user. The affected scope spans all releases of the plugin from version 0 through 143.v044a_2e819b_27, as confirmed by ENISA EUVD-2026-32517.
RemediationAI
Upgrade the Jenkins Job Import Plugin to a version newer than 143.v044a_2e819b_27 per the Jenkins Security Advisory at https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3783 - the exact patched release version was not confirmed in available input data and should be verified directly against that advisory before deployment. If immediate patching is not feasible, a compensating control is to restrict Overall/Read access in Jenkins global security configuration to only explicitly trusted personnel, reducing the pool of users who can reach the vulnerable endpoint; however, this trades off against normal developer self-service access and may require workflow adjustments. An additional compensating measure is to audit stored credentials and ensure IDs do not reveal sensitive metadata (e.g., environment names, account types), reducing the reconnaissance value of enumeration without eliminating the underlying vulnerability.
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to ex
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive j
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and ea
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in. Rated high severity (CVSS 8.
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32517
GHSA-p8jh-4p5p-2rfp