Skip to main content

Jenkins EC2 Fleet Plugin CVE-2026-57294

| EUVDEUVD-2026-38775 MEDIUM
Missing Authorization (CWE-862)
2026-06-24 jenkins GHSA-9v77-j4xv-34gq
5.4
CVSS 3.1 · Vendor: jenkins
Share

Severity by source

Vendor (jenkins) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
4.3 MEDIUM

PR:L confirmed by Overall/Read requirement; I:N because the flaw captures credentials but does not modify Jenkins data; C:L scoped to the Jenkins component.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (jenkins).

CVSS VectorVendor: jenkins

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Jun 24, 2026 - 16:24 vuln.today
CVSS changed
Jun 24, 2026 - 16:22 NVD
5.4 (None) 5.4 (MEDIUM)
CVE Published
Jun 24, 2026 - 13:20 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins.

AnalysisAI

Missing permission check in Jenkins EC2 Fleet Plugin versions up to 4.2.3.539.v8fedff2a_81c3 enables any authenticated user holding the low-privilege Overall/Read role to trigger a credential-capture attack by directing the plugin to connect to an attacker-controlled endpoint and transmitting AWS credentials stored in Jenkins. The attacker must independently obtain a valid credential ID before exploiting this flaw, making it a chained attack rather than a direct standalone exploit. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain Jenkins account with Overall/Read access
Delivery
Enumerate or harvest AWS credential IDs via separate method
Exploit
Craft connectivity-test request to EC2 Fleet Plugin endpoint
Execution
Specify attacker-controlled URL and harvested credential ID
Persist
Jenkins transmits AWS credentials to attacker server
Impact
Leverage captured credentials against victim AWS environment

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid Jenkins account with at least the Overall/Read permission - the minimum authenticated role granted to any logged-in Jenkins user, meaning this is effectively a low-barrier authenticated attack in most Jenkins deployments. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS 5.4 (Medium) reflects network accessibility (AV:N), low privilege requirement (PR:L), and modest confidentiality and integrity impacts (C:L/I:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a valid Jenkins account (any account with Overall/Read, the default for all authenticated users) first enumerates credential IDs stored in Jenkins through a separate method - such as another plugin vulnerability, a misconfigured credential API response, or insider knowledge. The attacker then calls the EC2 Fleet Plugin's connectivity-test endpoint, supplying an attacker-controlled server as the target URL and the harvested credential ID, causing Jenkins to authenticate to the attacker's server and transmit the AWS credentials. …
Remediation The primary remediation is to upgrade the Jenkins EC2 Fleet Plugin to the version released in response to SECURITY-3774 as documented in the Jenkins Security Advisory at https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3774. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57294 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy