Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Network-reachable endpoint requires only Overall/Read authentication (PR:L); SSRF-like probing yields limited confidentiality and integrity impact with no availability consequence.
Primary rating from Vendor (jenkins).
CVSS VectorVendor: jenkins
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method.
AnalysisAI
Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow any authenticated user holding the minimal Overall/Read Jenkins role to trigger outbound connections from the Jenkins controller to an attacker-specified URL using credential IDs sourced through a secondary method. This creates an SSRF-like primitive enabling internal network probing and credential ID validation without administrative access. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid Jenkins user account with at least the Overall/Read permission, which is the lowest non-anonymous role in a standard Jenkins deployment and is commonly granted to all authenticated users in shared CI environments. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 5.4 Medium rating and the AV:N/AC:L/PR:L profile are internally consistent: network reachability and low complexity are offset by the PR:L requirement, which limits exploitation to users who already hold valid Jenkins credentials. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a standard Jenkins account (Overall/Read) first obtains a valid credential ID from the Jenkins store through a secondary information-disclosure method. They then send a crafted HTTP request to the Gitee Plugin's connection-test endpoint, specifying an attacker-controlled server as the target URL and supplying the harvested credential ID. … |
| Remediation | The primary fix is to upgrade the Jenkins Gitee Plugin to a version beyond 1288.v18b_deb_c9069b_ that incorporates the corrected permission checks, as described in the Jenkins security advisory at https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3762%20(1). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Jenkins Gitee Plugin
View allCross-site request forgery in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows network-accessible attackers
Credential ID enumeration in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows authenticated attackers holdi
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38772
GHSA-wjmq-rpqq-w4h9