Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CSRF canonically requires victim interaction (UI:R); PR:L confirmed because authentication is required; no confidentiality or availability impact applies.
Primary rating from Vendor (jenkins).
CVSS VectorVendor: jenkins
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator.
AnalysisAI
Cross-site request forgery in the Jenkins Pipeline: Groovy Plugin (versions up to and including 4331.v9d06ed4658ff) enables authenticated low-privilege users to instantiate arbitrary Java types related to job or system configuration by exploiting the unprotected Pipeline Snippet Generator endpoint. The attacker can reach types outside the normally permitted set of Pipeline steps, potentially influencing configuration objects that should be off-limits at their privilege level. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated Jenkins session with at minimum low-privilege access (PR:L per CVSS). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS 3.1 score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) reflects a moderate, low-integrity-impact issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated low-privilege Jenkins user - such as a developer with read and build rights but no configuration authority - crafts a direct HTTP request to the Pipeline Snippet Generator API endpoint, omitting the CSRF crumb token. Because the endpoint lacks crumb validation, Jenkins accepts the request and instantiates a configuration-related Java type (e.g., a credentials binding or job property object) that the user could not otherwise access through the normal UI. … |
| Remediation | The primary remediation is upgrading the Jenkins Pipeline: Groovy Plugin to a version beyond 4331.v9d06ed4658ff as directed by the Jenkins security advisory at https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3677. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Jenkins Pipeline
View allSame weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38763
GHSA-72c8-3wwg-r59w